show ip masks through vrf dhcp pool - cisco.com · start 192.168.1.10 end 192.168.1.253 start...

show ip masks through vrf DHCP pool

• show ip masks, page 5

• show ip nat limits all-host, page 6

• show ip nat limits all-vrf, page 8

• show ip nat nvi statistics, page 10

• show ip nat nvi translations, page 13

• show ip nat redundancy, page 15

• show ip nat statistics, page 17

• show ip nat translations, page 20

• show ip nat translations redundancy, page 24

• show ip nhrp, page 25

• show ip nhrp group-map, page 34

• show ip nhrp multicast, page 36

• show ip nhrp nhs, page 39

• show ip nhrp redirect, page 42

• show ip nhrp summary, page 44

• show ip nhrp traffic, page 46

• show ip route dhcp, page 48

• show ip snat, page 50

• show ip source binding, page 52

• show ip verify source, page 54

• show ipv6 dhcp, page 57

• show ipv6 dhcp binding, page 58

• show ipv6 dhcp conflict, page 61

• show ipv6 dhcp database, page 63

Cisco IOS IP Addressing Services Command Reference 1

• show ipv6 dhcp guard policy, page 65

• show ipv6 dhcp-ldra, page 67

• show ipv6 dhcp pool, page 70

• show ipv6 dhcp interface, page 72

• show ipv6 dhcp relay binding, page 75

• show ipv6 dhcp route, page 77

• show ipv6 nat statistics, page 78

• show ipv6 nat translations, page 80

• show logging ip access-list, page 83

• show mdns cache, page 85

• show mdns cache mac, page 87

• show mdns cache static, page 89

• show mdns requests, page 91

• show mdns service-types, page 93

• show mdns statistics, page 95

• show nat64, page 97

• show nat64 adjacency, page 101

• show nat64 aliases, page 103

• show nat64 ha status, page 105

• show nat64 limits, page 107

• show nat64 map-t, page 109

• show nat64 mappings dynamic, page 110

• show nat64 pools, page 112

• show nat64 prefix stateful, page 114

• show nat64 prefix stateless, page 116

• show nat64 routes, page 119

• show nat64 services, page 121

• show nat64 statistics, page 123

• show nat64 timeouts, page 126

• show nat64 translations, page 128

• show nat64 translations entry-type, page 131

• show nat64 translations redundancy, page 133

• show nat64 translations time, page 135

Cisco IOS IP Addressing Services Command Reference2


• show nat64 translations total, page 137

• show nat64 translations v4, page 140

• show nat64 translations v6, page 142

• show nat64 translations verbose, page 144

• show nhrp debug-condition, page 148

• show nhrp group-map, page 149

• show platform hardware qfp feature, page 151

• show platform hardware qfp feature alg statistics sip, page 156

• show platform software trace message, page 160

• show redundancy application control-interface group, page 163

• show redundancy application data-interface, page 165

• show redundancy application faults group, page 167

• show redundancy application group, page 169

• show redundancy application if-mgr, page 173

• show redundancy application protocol, page 176

• show redundancy application transport, page 179

• show running-config mdns-sd policy, page 181

• show running-config mdns-sd service-instance, page 183

• show running-config mdns-sd service-list, page 185

• show running-config vrf, page 187

• sip address, page 191

• sip domain-name, page 193

• snmp-server enable traps dhcp, page 195

• source-interface (mDNS), page 197

• subnet prefix-length, page 199

• term ip netmask-format, page 202

• timers hellotime, page 204

• trusted-port (DHCPv6 Guard), page 206

• update arp, page 207

• update dns, page 209

• utilization mark high, page 211

• utilization mark low, page 213

• view (DNS), page 215



• vrf (DHCP pool), page 219

• vrf (DHCPv6 pool), page 220



show ip masksTo display the masks used for network addresses and the number of subnets using each mask, use the showip masks command in EXEC mode.

show ip masks address

Syntax Description Network address for which a mask is required.address

Command Modes EXEC

Command History ModificationRelease

This command was introduced.10.0

This command was integrated into Cisco IOS Release 12.2(33)SRA.12.2(33)SRA

This command is supported in the Cisco IOS Release 12.2SX train. Supportin a specific 12.2SX release of this train depends on your feature set, platform,and platform hardware.

12.2SX

Usage Guidelines The show ip masks command is useful for debugging when a variable-length subnet mask (VLSM) is used.It shows the number of masks associated with the network and the number of routes for each mask.

Examples The following is sample output from the show ip masks command:

Router# show ip masks 172.16.0.0Mask Reference count255.255.255.255 2255.255.255.0 3255.255.0.0 1


show ip masks through vrf DHCP poolshow ip masks

show ip nat limits all-hostTo display the current Network Address Translation (NAT) limit entries of all configured hosts, use the showip nat limits all-host command in user EXEC or privileged EXEC mode.

show ip nat limits all-host [host-address host-address [end-host-address]| number-of-sessions {greater-than| less-than} number] [total]

Syntax Description (Optional) Displays statistics for a given address orrange of addresses.

host-address

Address of the host or the starting address in a range.host-address

(Optional) Ending address in a range.end-host-address

(Optional) Displays statistics for limit entries withthe given number of sessions.

number-of-sessions

(Optional) Displays statistics for limit entries withmore than the given number of sessions.

greater-than

(Optional) Displays statistics for limit entries withless than the given number of sessions.

less-than

(Optional) Number of sessions for comparison. Therange is from 0 to 2147483647.

number

(Optional) Displays only the total number of entriesfor a given query.

total

Command Modes User EXEC (>)

Privileged EXEC (#)


This command was introduced.Cisco IOS XE Release 3.4S

Usage Guidelines You can use the ip nat translation max-entries all-host command to limit the all-host NAT entries.

When you specify the total keyword with the show ip nat limits all-host command, the output displays onlythe total entries for a given query.


show ip masks through vrf DHCP poolshow ip nat limits all-host

Examples The following is sample output from the show ip nat limits all-host command:Router# show ip nat limits all-host

Host Max Entries Use Count Miss Count-------------------------------------------------

10.1.1.2 100000 1 0

Total number of limit entries: 1The table below describes the significant fields shown in the display.

Table 1: show ip nat limits all-host Field Descriptions

DescriptionField

The inside local or the outside global IP address ofthe host. The host is the inside local IP address forinside source translations and the outside global IPaddress for outside source translations.

Host

The configured maximum number of limit entries.Max Entries

The current number of translations for the limit entry.Use Count

Number of times a translation entry was not createdbecause of the use count exceeding the configuredmaximum for the limit entry.

Miss Count

Related Commands DescriptionCommand

Limits the number of NAT translations to a specifiedmaximum.

ip nat translation max-entries

Displays NAT statisticsshow ip nat statistics


show ip masks through vrf DHCP poolshow ip nat limits all-host

show ip nat limits all-vrfTo display the current Network Address Translation (NAT) limit entries for all configured VPN routing andforwarding (VRF) instances, use the show ip nat limits all-vrf command in user EXEC or privileged EXECmode.

show ip nat limits all-vrf [vrf-name name | number-of-sessions {greater-than | less-than} number] [total]

Syntax Description (Optional) Displays statistics for a specified VRF.vrf-name

VRF name.name

(Optional) Displays statistics for limit entries withthe given number of sessions.

number-of-sessions

(Optional) Displays statistics for limit entries withmore than the given number of sessions.

greater-than

(Optional) Displays statistics for limit entries withless than the given number of sessions.

less-than

(Optional) Number of sessions for comparison.The range is from 0 to 2147483647.

number

(Optional) Displays only the total number ofentries for a given query.

total


Privileged EXEC (#)



Usage Guidelines You can use the ip nat translation all-vrf command to limit the all-VRF NAT entries.

When you specify the total keyword with the show ip nat limits all-vrf command, the output displays onlythe total entries for a given query.


show ip masks through vrf DHCP poolshow ip nat limits all-vrf

Examples The following is sample output from the show ip nat limits all-vrf command:Router# show ip nat limits all-vrf

VRF Name Max Entries Use Count Miss Count-------------------------------------------------

VRF1 100000 1 0

Total number of limit entries: 1The table below describes the significant fields shown in the display.

Table 2: show ip nat limits all-vrf Field Descriptions

DescriptionField

Name of the VRF instance.VRF Name

The configured maximum number of limit entries.Max Entries

The current number of translations for the limit entry.Use Count

Number of times a translation entry was not createdbecause of the use count exceeding the configuredmaximum for the limit entry.

Miss Count


Limits the number of NAT translations to a specifiedmaximum.

ip nat translation max-entries

Displays NAT statisticsshow ip nat statistics


show ip masks through vrf DHCP poolshow ip nat limits all-vrf

show ip nat nvi statisticsTo display NAT virtual interface (NVI) statistics, use the show ip nat nvi statisticscommand in user EXECor privileged EXEC mode.

show ip nat nvi statistics

Syntax Description This command has no arguments or keywords.

Command Modes User EXEC (>) Privileged EXEC (#)


This command was introduced.12.3(14)T

Examples The following is sample output from the show ip nat nvi statistics command:

Router# show ip nat nvi statisticsTotal active translations: 0 (0 static, 0 dynamic; 0 extended) NAT Enabled interfaces:Hits: 0 Misses: 0CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings:-- Inside Source[Id: 1] access-list 1 pool pool1 refcount 1213 pool pool1: netmask 255.255.255.0

start 192.168.1.10 end 192.168.1.253start 192.168.2.10 end 192.168.2.253start 192.168.3.10 end 192.168.3.253start 192.168.4.10 end 192.168.4.253type generic, total addresses 976, allocated 222 (22%), misses 0

[Id: 2] access-list 5 pool pool2 refcount 0 pool pool2: netmask 255.255.255.0start 192.168.5.2 end 192.168.5.254type generic, total addresses 253, allocated 0 (0%), misses 0

[Id: 3] access-list 6 pool pool3 refcount 3 pool pool3: netmask 255.255.255.0start 192.168.6.2 end 192.168.6.254type generic, total addresses 253, allocated 2 (0%), misses 0

[Id: 4] access-list 7 pool pool4 refcount 0 pool pool4 netmask 255.255.255.0start 192.168.7.30 end 192.168.7.200type generic, total addresses 171, allocated 0 (0%), misses 0

[Id: 5] access-list 8 pool pool5 refcount 109195 pool pool5: netmask 255.255.255.0start 192.168.10.1 end 192.168.10.253start 192.168.11.1 end 192.168.11.253start 192.168.12.1 end 192.168.12.253start 192.168.13.1 end 192.168.13.253start 192.168.14.1 end 192.168.14.253start 192.168.15.1 end 192.168.15.253start 192.168.16.1 end 192.168.16.253start 192.168.17.1 end 192.168.17.253start 192.168.18.1 end 192.168.18.253start 192.168.19.1 end 192.168.19.253start 192.168.20.1 end 192.168.20.253start 192.168.21.1 end 192.168.21.253start 192.168.22.1 end 192.168.22.253start 192.168.23.1 end 192.168.23.253start 192.168.24.1 end 192.168.24.253start 192.168.25.1 end 192.168.25.253


show ip masks through vrf DHCP poolshow ip nat nvi statistics

start 192.168.26.1 end 192.168.26.253type generic, total addresses 4301, allocated 3707 (86%),misses 0 Queued Packets:0

The table below describes the fields shown in the display.

Table 3: show ip nat nvi statistics Field Descriptions

DescriptionField

Number of translations active in the system. Thisnumber is incremented each time a translation iscreated and is decremented each time a translation iscleared or timed out.

Total active translations

List of interfaces marked as NAT enabled with theip nat enable command.

NAT enabled interfaces

Number of times the software does a translations tablelookup and finds an entry.

Hits

Number of times the software does a translations tablelookup, fails to find an entry, and must try to createone.

Misses

Number of packets switched via Cisco ExpressForwarding (CEF).

CEF Translated packets

Number of packets punted to the process switchedlevel.

CEF Punted packets

Cumulative count of translations that have expiredsince the router was booted.

Expired translations

Indicates that the information that follows is aboutdynamic mappings.

Dynamic mappings

The information that follows is about an inside sourcetranslation.

Inside Source

Access list number being used for the translation.access-list

Name of the pool.pool

Number of translations using this pool.refcount

IP network mask being used in the pool.netmask

Starting IP address in the pool range.start

Ending IP address in the pool range.end

Type of pool. Possible types are generic or rotary.type



DescriptionField

Number of addresses in the pool available fortranslation.

total addresses

Number of addresses being used.allocated

Number of failed allocations from the pool.misses

Number of packets in the queue.Queued Packets


Displays active NAT virtual interface translations.show ip nat nvi translations



show ip nat nvi translationsTo display active NAT virtual interface (NVI) translations, use the show ip nat nvi translations commandin user EXEC or privileged EXEC mode.

show ip nat nvi translations [protocol [global| vrf vrf-name]| vrf vrf-name| global] [verbose]

Syntax Description (Optional) Displays protocol entries. The protocolargument must be replaced with one of the followingkeywords:

• esp --Encapsulating Security Payload (ESP)protocol entries.

• icmp --Internet Control Message Protocol(ICMP) entries.

• pptp --Point-to-Point Tunneling Protocol(PPTP) entries.

• tcp --TCP protocol entries.

• udp --User Datagram Protocol (UDP) entries.

protocol

(Optional) Displays entries in the global destinationtable.

global

(Optional) Displays VPN routing and forwarding(VRF) traffic-related information.

vrf vrf-name

(Optional) Displays additional information for eachtranslation table entry, including how long ago theentry was created and used.

verbose




Examples The following is sample output from the show ip nat nvi translations command:

Router# show ip nat nvi translationsPro Source global Source local Destin local Destin global


show ip masks through vrf DHCP poolshow ip nat nvi translations

icmp 172.20.0.254:25 172.20.0.130:25 172.20.1.1:25 10.199.199.100:25icmp 172.20.0.254:26 172.20.0.130:26 172.20.1.1:26 10.199.199.100:26icmp 172.20.0.254:27 172.20.0.130:27 172.20.1.1:27 10.199.199.100:27icmp 172.20.0.254:28 172.20.0.130:28 172.20.1.1:28 10.199.199.100:28The table below describes the fields shown in the display.

Table 4: show ip nat nvi translations Field Descriptions

DescriptionField

Protocol of the port identifying the address.Pro

Source global address.Source global

Source local address.Source local

Destination local address.Destin local

Destination global address.Destin global


Displays NAT virtual interface statistics.show ip nat nvi statistics


show ip masks through vrf DHCP poolshow ip nat nvi translations

show ip nat redundancyTo display the Network Address Translation (NAT) high-availability information, use the show ip natredundancy command in privileged EXEC mode.

show ip nat redundancy rg-id

Syntax Description Redundancy group (rg) ID. Valid values are 1 and 2.rg-id

Command Modes Privileged EXEC (#)



Usage Guidelines Use the show ip nat redundancy command to display information about the NAT high-availability FiniteState Machine (FSM) and RG statistics.

Examples The following is sample output from the show ip nat redundancy command. The output fields areself-explanatory.Device1# show ip nat redundancy 1

RG ID: 1 RG Name: RG1Current State: IPNAT_HA_RG_ST_ACT_BULK_DONEPrevious State: IPNAT_HA_RG_ST_ACTIVERecent Events: Curr: IPNAT_HA_RG_EVT_RF_ACT_STBY_HOT

Prev: IPNAT_HA_RG_EVT_RF_ACT_STBY_BULK_START

Statistics :Static Mappings: 1, Dynamic Mappings: 0Sync-ed Entries :

NAT Entries: 0, Door Entries: 0Mapping ID Mismatches: 0Forwarded Packets: 0, Dropped Packets : 0Redirected Packets: 0

Device2# show ip nat redundancy 1

RG ID: 1 RG Name: RG1Current State: IPNAT_HA_RG_ST_STBY_HOTPrevious State: IPNAT_HA_RG_ST_STBY_COLDRecent Events: Curr: IPNAT_HA_RG_EVT_RF_STBY_COLD

Prev: IPNAT_HA_RG_EVT_NAT_CFG_REF

Statistics :Static Mappings: 1, Dynamic Mappings: 0Sync-ed Entries :

NAT Entries: 0, Door Entries: 0Mapping ID Mismatches: 0


show ip masks through vrf DHCP poolshow ip nat redundancy

Forwarded Packets: 0, Dropped Packets : 0Redirected Packets: 0


Displays active NAT translations.show ip nat translations redundancy


show ip masks through vrf DHCP poolshow ip nat redundancy

show ip nat statisticsTo display Network Address Translation (NAT) statistics, use the show ip nat statistics command in userEXEC or privileged EXEC mode.

show ip nat statistics



Privileged EXEC (#)




This command is supported in the Cisco IOS Release 12.2SX train. Supportin a specific 12.2SX release of this train depends on your feature set,platform, and platform hardware.

12.2SX

This command was integrated into Cisco IOS XE Release 2.1.Cisco IOS XE Release 2.1

This command was modified. The NAT limit statistics for all hosts and forall VPN routing and forwarding (VRF) instances were removed from theoutput of this command.

Cisco IOS XE Release 3.4S

Examples The following is sample output from the show ip nat statistics command:

Router# show ip nat statistics

Total translations: 2 (0 static, 2 dynamic; 0 extended)Outside interfaces: Serial0Inside interfaces: Ethernet1Hits: 135 Misses: 5Expired translations: 2Dynamic mappings:-- Inside Sourceaccess-list 1 pool net-208 refcount 2pool net-208: netmask 255.255.255.240

start 172.16.233.208 end 172.16.233.221type generic, total addresses 14, allocated 2 (14%), misses 0

The table below describes the significant fields shown in the display.


show ip masks through vrf DHCP poolshow ip nat statistics

Table 5: show ip nat statistics Field Descriptions

DescriptionField

Number of translations active in the system. Thisnumber is incremented each time a translation iscreated and is decremented each time a translation iscleared or times out.

Total translations

List of interfaces marked as outside with the ip natoutside command.

Outside interfaces

List of interfaces marked as inside with the ip natinside command.

Inside interfaces


Hits


Misses



Indicates that the information that follows is aboutdynamic mappings.

Dynamic mappings

Indicates that the information that follows is aboutan inside source translation.

Inside Source

Access list number being used for the translation.access-list

Name of the pool (in this case, net-208).pool

Number of translations using this pool.refcount

IP network mask being used in the pool.netmask

Starting IP address in the pool range.start

Ending IP address in the pool range.end

Type of pool. Possible types are generic or rotary.type

Number of addresses in the pool available fortranslation.

total addresses

Number of addresses being used.allocated

Number of failed allocations from the pool.misses




Clears dynamic NAT translations from the translationtable.

clear ip nat translation

Designates that traffic originating from or destinedfor the interface is subject to NAT.

ip nat

Enables NAT of the inside destination address.ip nat inside destination

Enables NAT of the inside source address.ip nat inside source

Enables NAT of the outside source address.ip nat outside source

Defines a pool of IP addresses for NAT.ip nat pool

Changes the amount of time after which NATtranslations time out.

ip nat service

Displays active NAT translations.show ip nat translations



show ip nat translationsTo display active Network Address Translation ( NAT) translations, use the show ip nat translations commandin EXEC mode.

show ip nat translations [inside global-ip] [outside local-ip] [esp] [icmp] [pptp] [tcp] [udp] [verbose] [vrfvrf-name]

Syntax Description (Optional) Displays Encapsulating Security Payload(ESP) entries.

esp

(Optional) Displays Internet Control MessageProtocol (ICMP) entries.

icmp

(Optional) Displays entries for only a specific insideglobal IP address.

inside global-ip

(Optional) Displays entries for only a specific outsidelocal IP address.

outside local-ip

(Optional) Displays Point-to-Point Tunneling Protocol(PPTP) entries.

pptp

(Optional) Displays TCP protocol entries.tcp

(Optional) Displays User Datagram Protocol (UDP)entries.

udp


verbose

(Optional) Displays VPN routing and forwarding(VRF) traffic-related information.

vrf vrf-name

Command Modes EXEC



The vrf vrf-name keyword and argument combination was added.12.2(13)T

The esp keyword was added.12.2(15)T


show ip masks through vrf DHCP poolshow ip nat translations

ModificationRelease



12.2SX

The inside and outside keywords were added.XE 2.4.2

This commandwas implemented on the Cisco ASR 901 Series AggregationServices Router.

15.4(2)S

This command was modified. The output of this command was updated todisplay details about NAT port parity and conservation.

Cisco IOS XE Everest 16.5.1

Examples The following is sample output from the show ip nat translations command.Without overloading, two insidehosts are exchanging packets with some number of outside hosts.

Router# show ip nat translationsPro Inside global Inside local Outside local Outside global--- 10.69.233.209 192.168.1.95 --- ------ 10.69.233.210 192.168.1.89 --- --With overloading, a translation for a Domain Name Server (DNS) transaction is still active, and translationsfor two Telnet sessions (from two different hosts) are also active. Note that two different inside hosts appearon the outside with a single IP address.

Router# show ip nat translationsPro Inside global Inside local Outside local Outside globaludp 10.69.233.209:1220 192.168.1.95:1220 172.16.2.132:53 172.16.2.132:53tcp 10.69.233.209:11012 192.168.1.89:11012 172.16.1.220:23 172.16.1.220:23tcp 10.69.233.209:1067 192.168.1.95:1067 172.16.1.161:23 172.16.1.161:23The following is sample output that includes the verbose keyword:

Router# show ip nat translations verbosePro Inside global Inside local Outside local Outside globaludp 172.16.233.209:1220 192.168.1.95:1220 172.16.2.132:53 172.16.2.132:53

create 00:00:02, use 00:00:00, flags: extendedtcp 172.16.233.209:11012 192.168.1.89:11012 172.16.1.220:23 172.16.1.220:23

create 00:01:13, use 00:00:50, flags: extendedtcp 172.16.233.209:1067 192.168.1.95:1067 172.16.1.161:23 172.16.1.161:23

create 00:00:02, use 00:00:00, flags: extendedThe following is sample output that includes the vrf keyword:

Router# show ip nat translations vrfabcPro Inside global Inside local Outside local Outside global--- 10.2.2.1 192.168.121.113 --- ------ 10.2.2.2 192.168.122.49 --- ------ 10.2.2.11 192.168.11.1 --- ------ 10.2.2.12 192.168.11.3 --- ------ 10.2.2.13 172.16.5.20 --- ---Pro Inside global Inside local Outside local Outside global--- 10.2.2.3 192.168.121.113 --- ------ 10.2.2.4 192.168.22.49 --- ---



The following is sample output that includes the esp keyword:

Router# show ip nat translations esp

Pro Inside global Inside local Outside local Outside globalesp 192.168.22.40:0 192.168.122.20:0 192.168.22.20:0 192.168.22.20:28726CD9

esp 192.168.22.40:0 192.168.122.20:2E59EEF5 192.168.22.20:0 192.168.22.20:0The following is sample output that includes the esp and verbose keywords:

Router# show ip nat translation esp verbose

Pro Inside global Inside local Outside local Outside globalesp 192.168.22.40:0 192.168.122.20:0 192.168.22.20:0 192.168.22.20:28726CD9

create 00:00:00, use 00:00:00,flags:

extended, 0x100000, use_count:1, entry-id:192, lc_entries:0esp 192.168.22.40:0 192.168.122.20:2E59EEF5 192.168.22.20:0 192.168.22.20:0

create 00:00:00, use 00:00:00, left 00:04:59, Map-Id(In):20,flags:

extended, use_count:0, entry-id:191, lc_entries:0The following is sample output that includes the insidekeyword:

Router# show ip nat translations inside 10.69.233.209Pro Inside global Inside local Outside local Outside globaludp 10.69.233.209:1220 192.168.1.95:1220 172.16.2.132:53 172.16.2.132:53The following is sample output when NAT that includes the insidekeyword:

Router# show ip nat translations inside 10.69.233.209Pro Inside global Inside local Outside local Outside globaludp 10.69.233.209:1220 192.168.1.95:1220 172.16.2.132:53 172.16.2.132:53The following is a sample output that displays information about NAT port parity and conservation:

Router# show ip nat translationsPro Inside global Inside local Outside local Outside globaludp 200.200.0.100:5066 100.100.0.56:5066 200.200.0.56:5060 200.200.0.56:5060udp 200.200.0.100:1025 100.100.0.57:10001 200.200.0.57:10001 200.200.0.57:10001udp 200.200.0.100:10000 100.100.0.56:10000 200.200.0.56:10000 200.200.0.56:10000udp 200.200.0.100:1024 100.100.0.57:10000 200.200.0.57:10000 200.200.0.57:10000udp 200.200.0.100:10001 100.100.0.56:10001 200.200.0.56:10001 200.200.0.56:10001udp 200.200.0.100:9985 100.100.0.57:5066 200.200.0.57:5060 200.200.0.57:5060Total number of translations: 6


Table 6: show ip nat translations Field Descriptions

DescriptionField

Protocol of the port identifying the address.Pro

The legitimate IP address that represents one or moreinside local IP addresses to the outside world.

Inside global

The IP address assigned to a host on the insidenetwork; probably not a legitimate address assignedby the Network Interface Card (NIC) or serviceprovider.

Inside local



DescriptionField

IP address of an outside host as it appears to the insidenetwork; probably not a legitimate address assignedby the NIC or service provider.

Outside local

The IP address assigned to a host on the outsidenetwork by its owner.

Outside global

How long ago the entry was created (inhours:minutes:seconds).

create

How long ago the entry was last used (inhours:minutes:seconds).

use

Indication of the type of translation. Possible flagsare:

• extended--Extended translation

• static--Static translation

• destination--Rotary translation

• outside--Outside translation

• timing out--Translation will no longer be used,due to a TCP finish (FIN) or reset (RST) flag.

flags


Clears dynamic NAT translations from the translationtable.

clear ip nat translation

Designates that traffic originating from or destinedfor the interface is subject to NAT.

ip nat

Enables NAT of the inside destination address.ip nat inside destination

Enables NAT of the inside source address.ip nat inside source

Enables NAT of the outside source address.ip nat outside source


Enables a port other than the default port.ip nat service

Displays NAT statistics.show ip nat statistics



show ip nat translations redundancyTo display active Network Address Translations (NAT) redundancy information, use the show ip nattranslations redundancy command in privileged EXEC mode.

show ip nat translations redundancy rg-id [verbose]

Syntax Description Redundancy group (RG) ID. Valid values are 1 and 2.rg-id

(Optional) Displays additional information for each translation table entry, includingthe time period when the entry was created and the duration for which it was used.

verbose




Usage Guidelines Use the show ip nat translations redundancy command to display information about the NAT translationsthat belong to a specified RG.

Examples The following is sample output from the show ip nat translations redundancy command for RG ID 1. Theoutput fields are self-explanatory.Device# show ip nat translations redundancy 1 verbose--- 10.1.1.2 192.0.2.3 --- ---

create 00:00:10, use 00:00:10 timeout:0,flags:

static, created-by-local, use_count: 0, router/rg id: 0/1 ha_entry_num: 0 mapp_id[in/out]:120/0, entry-id: 1, lc_entries: 0


Displays NAT redundancy information.show ip nat redundancy


show ip masks through vrf DHCP poolshow ip nat translations redundancy

show ip nhrpTo display Next Hop Resolution Protocol (NHRP) mapping information, use the show ip nhrp command inuser EXEC or privileged EXEC mode.

show ip nhrp [dynamic| incomplete| static] [address| interface] [brief| detail] [purge] [shortcut]

Syntax Description (Optional) Displays dynamic (learned)IP-to-nonbroadcast multiaccess address (NBMA)mapping entries. Dynamic NHRP mapping entriesare obtained from NHRP resolution/registrationexchanges. See the table below for types, numberranges, and descriptions.

dynamic

(Optional) Displays information about NHRPmapping entries for which the IP-to-NBMA is notresolved. See the table below for types, numberranges, and descriptions.

incomplete

(Optional) Displays static IP-to-NBMA addressmapping entries. Static NHRP mapping entries areconfigured using the ip nhrpmap command. See thetable below for types, number ranges, anddescriptions.

static

(Optional) Displays NHRP mapping entries forspecified protocol addresses.

address

(Optional) Displays NHRP mapping entries for thespecified interface. See the table below for types,number ranges, and descriptions.

interface

(Optional) Displays a short output of the NHRPmapping.

brief

(Optional) Displays detailed information about NHRPmapping.

detail

(Optional) Displays NHRP purge information.purge

(Optional) Displays NHRP shortcut information.shortcut



show ip masks through vrf DHCP poolshow ip nhrp

Command Default Information is displayed for all NHRP mappings.





12.2SX

The output of this command was extended to display the NHRP groupreceived from the spoke.

12.4(22)T

This commandwasmodified. Support was added for the shortcut keyword.Cisco IOS XE Release 2.5

Usage Guidelines The table below lists the valid types, number ranges, and descriptions for the optional interface argument.

The valid types can vary according to the platform and interfaces on the platform.Note

Table 7: Valid Types, Number Ranges, and Interface Description

Interface DescriptionsNumber RangesValid Types

Async1async

ATM0 to 6atm

Bridge-Group Virtual Interface1 to 255bvi

CDMA Ix1cdma-ix

C-Tunnel0 to 2147483647ctunnel

Dialer0 to 20049dialer

Ethernet0 to 4294967295ethernet

FastEthernet IEEE 802.30 to 6fastethernet

Lex0 to 2147483647lex

Loopback0 to 2147483647loopback




Multilink Frame Relay bundle0 to 2147483647mfr

Multilink-group0 to 2147483647multilink

Null0null

Port channel1 to 64port-channel

Tunnel0 to 2147483647tunnel

PGM multicast host1vif

Virtual PPP0 to 2147483647virtual-ppp

Virtual template1 to 1000virtual-template

Virtual Token Ring0 to 2147483647virtual-tokenring

Extended tag ATM0 to 2147483647xtagatm

Examples The following is sample output from the show ip nhrpcommand. This output shows the NHRP group receivedfrom the spoke:

Router# show ip nhrp10.0.0.2/32 via 10.0.0.2, Tunnel0 created 00:17:49, expire 00:01:30Type: dynamic, Flags: unique registered usedNBMA address: 172.17.0.2Group: test-group-0

10.0.0.3/32 via 10.0.0.3, Tunnel0 created 00:00:11, expire 01:59:48Type: dynamic, Flags: unique registered usedNBMA address: 172.17.0.3Group: test-group-0

11.0.0.2/32 via 11.0.0.2, Tunnel1 created 00:17:49, expire 00:02:10Type: dynamic, Flags: unique registered usedNBMA address: 172.17.0.2Group: test-group-1

The following is sample output from the show ip nhrp shortcut command:

Router#show ip nhrp shortcut10.1.1.1/24 via 1.1.1.22 Tunnel0 created 00:00:05, expire 00:02:24

Type: dynamic, Flags: router ribNBMA address: 10.12.1.1

10.1.1.2/24 via 1.1.1.22 Tunnel0 created 00:00:05, expire 00:02:24Type: dynamic, Flags: router rib nhoNBMA address: 10.12.1.2

The following is sample output from the show ip nhrp detailcommand:

Router# show ip nhrp detail10.1.1.1/8 via 10.2.1.1, Tunnel1 created 00:46:29, never expireType: static, Flags: usedNBMA address: 10.12.1.1

10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47Type: dynamic, Flags: authoritative unique nat registered usedNBMA address: 10.12.1.2



10.1.1.4, Tunnel1 created 00:00:07, expire 00:02:57Type: incomplete, Flags: negativeCache hits: 4

The table below describes the significant fields shown in the displays.

Table 8: show ip nhrp Field Descriptions

DescriptionField

Target network.10.1.1.1/8

Next Hop to reach the target network.via 10.2.1.1

Interface through which the target network is reached.Tunnel1

Length of time since the entry was created(hours:minutes:seconds).

created 00:00:12

Time remaining until the entry expires(hours:minutes:seconds).

expire 01:59:47

Indicates that static entries never expire.never expire

• dynamic--NHRP mapping is obtaineddynamically. Themapping entry is created usinginformation from the NHRP resolution andregistrations.

• static--NHRP mapping is configured statically.Entries configured by the ip nhrp mapcommand are marked static.

• incomplete--The NBMA address is not knownfor the target network.

Type

Nonbroadcast multiaccess address of the next hop.The address format is appropriate for the type ofnetwork being used: ATM, Ethernet, SwitchedMultimegabit Data Service (SMDS), or multipointtunnel.

NBMA address



DescriptionField

• authoritative--Indicates that the NHRPinformation was obtained directly from the NextHop Server or router that maintains and isauthoritative for the NBMA-to-IP addressmapping for a particular destination.

• implicit--Indicates that the local node learnedabout the NHRP mapping entries from thesource mapping information of an NHRPresolution request received by the local router,or from an NHRP resolution packet beingforwarded through the local router.

• local--Indicates NHRPmapping entries that arefor networks local to this router (that is, servicedby this router). These flag entries are createdwhen this router answers an NHRP resolutionrequest that has this information and is used tostore the transport (tunnel) IP address of all theother NHRP nodes to which it has sent thisinformation. If for some reason this router losesaccess to this local network (that is, it can nolonger service this network), it sends an NHRPpurge message to all remote NHRP nodes thatare listed in the “local” entry (in show ip nhrpdetail command output) to tell the remote nodesto clear this information from their NHRPmapping tables. This local mapping entry timesout of the local NHRP mapping database at thesame time that this information (from the NHRPresolution reply) would time out of the NHRPmapping database on the remote NHRP nodes.

• nat--Indicates that the remote node (NHS client)supports the new NHRP NAT extension typefor dynamic spoke-spoke tunnels to/from spokesbehind a NAT router. This marking does notindicate that the spoke (NHS client) is behinda NAT router.

Flags



DescriptionField

• negative--For negative caching, indicates thatthe requested NBMAmapping has not yet beenor could not be obtained. When NHRP sendsan NHRP resolution request, an incomplete(negative) NHRPmapping entry for the addressis inserted in the resolution request. Thisinsertion suppresses any more triggering ofNHRP resolution requests while the resolutionrequest is being resolved. If configured, anyencryption parameters (IKE/IPsec) for the tunnelare negotiated.

• (no socket)--Indicates that the NHRP mappingentries will not trigger IPsec to set up encryptionbecause data traffic does not need to use thistunnel. Later, if data traffic needs to use thistunnel, the flag will change from a “(no socket)”to a “(socket)” entry and IPsec will be triggeredto set up the encryption for this tunnel. Localand implicit NHRP mapping entries are alwaysinitially marked as “(no socket).” By default,NHRP caches source information from NHRPresolution request or replies as they go throughthe system. To allow this caching to continue,but not have the entry create an IPsec socket,they are marked as (no socket). If this was notdone there would be extra IPsec sockets fromthe hubs to the various spokes that either werenot used or were used for only one or twopackets while a direct spoke-to-spoke tunnelwas being built. Data packets and NHRPpackets that arrive on the tunnel interface andare forwarded back out the tunnel interface arenot allowed to use the (no socket) NHRPmappings for forwarding. Because, in this case,the router is an intermediate node in the pathbetween the two endpoints and we only want tocreate short-cut tunnels between the initialentrance and final exit point of the DMVPN(NBMA) network and not between anyintermediate nodes. If at some point the routerreceives a data packet that has a source interfacethat is not the tunnel interface and it would usethe (no socket) mapping entry, the routerconverts the (no socket) entry to a (socket)entry. In this case, this router is the entrance (orexit) point of the NBMA (for this traffic stream).

Flags (continued)



DescriptionField

• (no socket) (continued)--These (no socket)mapping entries are marked (non-authoritative);only mappings from NHRP registrations aremarked (authoritative). The NHRP resolutionrequests are also marked (authoritative), whichmeans that the NHRP resolution request can beanswered only from an (authoritative) NHRPmapping entry. A (no socket) mapping entrywill not be used to answer an NHRP resolutionrequest and the NHRP resolution request willbe forwarded to the NHS of the nodes .

• registered--Indicates that the mapping entry wascreated in response to an NHRP registrationrequest. Although registered mapping entriesare dynamic entries, they may not be refreshedthrough the “used” mechanism. Instead, theseentries are refreshed by another NHRPregistration request with the same transport(tunnel) IP to NBMA address mapping. TheNext Hop Client (NHC) periodically sendsNHRP registration requests to keep thesemappings from expiring.

• router--Indicates that NHRP mapping entriesfor a remote router (that is accessing a networkor host behind the remote router) are markedwith the router flag.

• unique--NHRP registration requests have theunique flag set on by default. This flag indicatesthat an NHRP mapping entry cannot beoverwritten by a mapping entry that has thesame IP address and a different NBMA address.When a spoke has a statically configured outsideIP (NBMA) address, this is used to keep anotherspoke that is mis-configured with the sametransport (tunnel) IP address from overwritingthis entry. If a spoke has a dynamic outside IP(NBMA) address, you can configure the ip nhrpregistration no-unique command on the spoketo clear this flag. This configuration allows theregistered NHRP mapping entry for that spokeon the hub to be overwritten with a newNBMAaddress. This is necessary in this case becausethe spoke's outside IP (NBMA) address canchange at any time. If the “unique” flag was set,the spoke would have to wait for the mappingentry on the hub to time out before it couldregister its new (NBMA) mapping.

Flags (continued)



DescriptionField

• used--When data packets are process-switchedand this mapping entry was used, the mappingentry is marked as used. The mapping databaseis checked every 60 seconds. If the used flag isset and more than 120 seconds remain untilexpire time, the used flag is cleared. If fewerthan 120 seconds are left, this mapping entry is“refreshed” by the transmission of anotherNHRP resolution request.

When using DMVPN Phase 3 in 12.4(6)T,CEF switched packets will also set the “used”flag, and these entries will be timed out andrefreshed as described in the “used” flagdescription above.

Note

Flags (continued)


Configures a NHRP group on a spoke.ip nhrp group

Statically configures the IP-to-NBMA addressmapping of IP destinations connected to an NBMAnetwork.

ip nhrp map

Adds NHRP groups to QoS policy mappings on ahub.

ip nhrp map group

Enables shortcut switching on the tunnel interface.ip nhrp shortcut

Displays DMVPN-specific session information.show dmvpn

Displays the details of NHRP group mappings on ahub and the list of tunnels using each of the NHRPgroups defined in the mappings.

show ip nhrp group-map

Displays NHRP multicast mapping information.show ip nhrp multicast

Displays NHRP Next Hop Server information.show ip nhrp nhs

Displays NHRP mapping summary information.show ip nhrp summary

Displays NHRP traffic statistics.show ip nhrp traffic

Displays statistics about a specific QoS policy as itis applied to a tunnel endpoint.

show policy-map mgre



show ip nhrp group-mapTo display the details of NHRP group mappings, use the show ip nhrp group-mapcommand in user EXECor privileged EXEC mode.

show ip nhrp group-map [ group-name ]

Syntax Description (Optional) Name of an NHRP group mapping forwhich information will be displayed.

group-name

Command Default Information is displayed for all NHRP group mappings.




Usage Guidelines This command displays the details on NHRP group mappings on the hub along with the list of tunnels usingeach of the NHRP groups defined in the mappings. In combination with the show ip nhrp command, thiscommand lets you easily determine which QoS policy map is applied to a specific tunnel endpoint.

This command displays the details of the specified NHRP group mapping. The details include the associatedQoS policy name and the list of tunnel endpoints using the QoS policy. If no option is specified, it displaysthe details of all NHRP group mappings.

Examples The following is sample output from the show ip nhrp group-mapcommand:

Router# show ip nhrp group-mapInterface: Tunnel0NHRP group: test-group-0QoS policy: queueingTunnels using the QoS policy:Tunnel destination overlay/transport address10.0.0.2/172.17.0.210.0.0.3/172.17.0.3

Interface: Tunnel1NHRP group: test-group-1QoS policy: queueingTunnels using the QoS policy:Tunnel destination overlay/transport address11.0.0.2/172.17.0.2NHRP group: test-group-2QoS policy: p1Tunnels using the QoS policy: None


show ip masks through vrf DHCP poolshow ip nhrp group-map

The following is sample output from the show ip nhrp group-mapcommand for an NHRP group namedtest-group-0:

Router# show ip nhrp group-map test-group-0Interface: Tunnel0NHRP group: test-group-0QoS policy: queueingTunnels using the QoS policy:Tunnel destination overlay/transport address10.0.0.2/172.17.0.210.0.0.3/172.17.0.3


Table 9: show ip nhrp group-map Field Descriptions

DescriptionField

Interface on which the policy is configured.Interface

NHRP group associated with the QoS policy on theinterface.

NHRP group

QoS policy configured on the interface.QoS policy

List of tunnel endpoints using the QoS policy.Tunnels using the QoS Policy

Tunnel destination overlay address (such as the tunnelendpoint address).

Tunnel destination overlay/transport address


Configures a NHRP group on a spoke.ip nhrp group


ip nhrp map


ip nhrp map group


Displays NHRP mapping information.show ip nhrp




show ip masks through vrf DHCP poolshow ip nhrp group-map

show ip nhrp multicastTo display Next Hop Resolution Protocol (NHRP) multicast mapping information, use the show ip nhrpmulticast command in user EXEC or privileged EXEC mode.

show ip nhrp multicast [nbma-address| interface]

Syntax Description (Optional) Displays multicast mapping informationfor the specified NBMA address.

nbma-address

(Optional) Displays all multicast mapping entries ofthe NHRP network for the interface. See the tablebelow for types, number ranges, and descriptions.

interface


Privileged EXEC (#)


This command was introduced.12.4(7)

Usage Guidelines The table below lists the valid types, number ranges, and descriptions for the optional interface argument.


Table 10: Interface Types, Valid Numbers, and Interface Descriptions

Interface DescriptionsValid NumbersInterface Types

Async1async

ATM0 to 6atm


CDMA Ix1cdma-ix




show ip masks through vrf DHCP poolshow ip nhrp multicast

Interface DescriptionsValid NumbersInterface Types



Lex0 to 2147483647lex




Null0null








Examples The following is sample output from the show ip nhrp multicast command:

Router# show ip nhrp multicastI/F NBMA address

Tunnel1 1.1.1.1 Flags: staticThe table below describes the fields shown in the display.

Table 11: show ip nhrp Field Descriptions

DescriptionField

Interface associated with the multicast mapping entry.I/F

NonbroadcastMultiaccessAddress to whichmulticastpackets will be sent. The address format is appropriatefor the type of network used: ATM, Ethernet, SMDS,or multipoint tunnel.

NBMA address



DescriptionField

• static—Indicates that the multicast mappingentry is configured statically by the ip nhrpmap multicast command.

• dynamic—Indicates that the multicast mappingentry is obtained dynamically. A multicastmapping entry is created for each registeredNext Hop Client (NHC) when the ip nhrpmapmulticast dynamic command is configured.

Flags



ip nhrp map


Displays NHRP next-hop server information.show ip nhrp nhs





show ip nhrp nhsTo display Next Hop Resolution Protocol (NHRP) next hop server (NHS) information, use the show ip nhrpnhscommand in user EXEC or privileged EXEC mode.

show ip nhrp nhs [ interface ] [detail]

Syntax Description (Optional) Displays NHS information currentlyconfigured on the interface. See the table below fortypes, number ranges, and descriptions.

interface

(Optional) Displays detailed NHS information.detail

Command Modes User EXEC Privileged EXEC



This command was integrated into Cisco IOS release 12.2(33)SRB.12.2(33)SRB


12.2SX

Usage Guidelines The table below lists the valid types, number ranges, and descriptions for the optional interfaceargument.


Table 12: Valid Types, Number Ranges, and Interface Descriptions


Async1async

ATM0 to 6atm


CDMA Ix1cdma-ix


show ip masks through vrf DHCP poolshow ip nhrp nhs






Lex0 to 2147483647lex




Null0null








Examples The following is sample output from the show ip nhrp nhs detail command:

Router# show ip nhrp nhs detailLegend:E=Expecting repliesR=Responding

Tunnel1:5.1.1.1 E req-sent 128 req-failed 1 repl-recv 0

Pending Registration Requests:Registration Request: Reqid 1, Ret 64 NHS 5.1.1.1The table below describes the significant field shown in the display.

Table 13: show ip nhrp nhs Field Descriptions

DescriptionField

Interface through which the target network is reached.Tunnel1





ip nhrp map







show ip nhrp redirectTo display Next Hop Resolution Protocol (NHRP) redirect table information, use the show ip nhrpredirectcommand in user EXEC or privileged EXEC mode.

show ip nhrp redirect statistics



This command was introduced.12.2SX

Examples The following is sample output from the show ip nhrp redirect command:

Router# show ip nhrp redirect

I/F NBMA address Destination Drop Count Expiry

Tunnel43 10.232.195.197 10.138.140.33 2 00:00:05Tunnel43 10.232.195.193 10.138.140.33 54 00:00:05Tunnel43 10.232.195.185 10.138.140.33 1 00:00:06Tunnel43 10.232.195.189 10.138.140.33 0 00:00:07Tunnel43 10.232.195.205 10.138.153.66 52 00:00:07

This output shows the content of the NHRP redirect table on the node. An entry in output indicates that furtherredirect messages to the NBMA address for the destination will be suppressed as long as the correspondingentry doesn't expire

The table below describes the fields shown in the command output.

Table 14: show ip nhrp redirect command- Field Descriptions

DescriptionField Output

Displays the address where the redirect message issent to. This is the NBMA address of the sourcespoke.

NBMA Address

Displays the destination IP address from the datapacket that triggered the NHRP redirect. This is theLAN address that is behind the destination spoke.

Destination

Displays the number of redirect messages throttleddue to presence of this entry in the redirect table .

Drop Count


show ip masks through vrf DHCP poolshow ip nhrp redirect


Displays the lifetime of the redirect entry. The defaultmax lifetime is 8 seconds. At expiry of the lifetime,the entry is deleted and new redirect messages withthese details can be sent by this node if there arefurther data packets matching these entries .

Expiry

Examples The following is sample output from the show ip nhrp redirect statistics command:

Router# show ip nhrp redirect statistics

DMVPN Redirect Indications throttled: 7


show ip masks through vrf DHCP poolshow ip nhrp redirect

show ip nhrp summaryTo display Next Hop Resolution Protocol (NHRP) mapping summary information, use the show ip nhrpsummarycommand in user EXEC or privileged EXEC mode.

show ip nhrp summary




This command was integrated into Cisco IOS release 12.2(33)SRB.12.2(33)SRB


12.2SX

Examples The following is sample output from the show ip nhrp summary command:

Router# show ip nhrp summaryIP NHRP cache 1 entry, 256 bytes

1 static 0 dynamic 0 incompleteThe table below describes the significant field shown in the display.

Table 15: show ip nhrp summary Field Descriptions


NHRP mapping is obtained dynamically. Themapping entry is created using information from theNHRP resolution and registrations

dynamic

NHRP mapping is configured statically. Entriesconfigured by the ip nhrpmap command are markedstatic.

static

NBMA address is not known for the target network.incomplete


show ip masks through vrf DHCP poolshow ip nhrp summary



ip nhrp map



Displays NHRP Next Hop Server information.show ip nhrp nhs



show ip masks through vrf DHCP poolshow ip nhrp summary

show ip nhrp trafficTo display Next Hop Resolution Protocol (NHRP) traffic statistics, use the show ip nhrp traffic commandin privileged EXEC mode.

show ip nhrp traffic[interface| {tunnel number| Virtual-Access number}]

Syntax Description (Optional) Displays NHRP traffic information for agiven interface.

interface

Specifies the tunnel interface number.tunnel number

Specifies the virtual access interface number.Virtual-Access number




This command was modified. The show output was enhanced to displayinformation about traffic indication (redirects).

12.4(6)T

This command was modified. The interface and tunnel keywords and thenumber argument were added.

12.4(9)T



12.2SX


This commandwasmodified. TheVirtual-Access number keyword-argumentpair was added.

15.3(2)T

Usage Guidelines Replacing ip in the command name with ipv6 clears IPv6-specific traffic.

Examples The following example shows sample output for NHRP traffic statistics for tunnel interface 0:

Device# show ip nhrp traffic interface tunnel0


show ip masks through vrf DHCP poolshow ip nhrp traffic

Tunnel0: Max-send limit:100Pkts/10Sec, Usage:0%Sent: Total 79

18 Resolution Request 10 Resolution Reply 42 Registration Request0 Registration Reply 3 Purge Request 6 Purge Reply0 Error Indication 0 Traffic Indication

Rcvd: Total 6910 Resolution Request 15 Resolution Reply 0 Registration Request36 Registration Reply 6 Purge Request 2 Purge Reply0 Error Indication 0 Traffic Indication


Table 16: show ip nhrp traffic Field Descriptions

DescriptionField

Interface type and number.Tunnel0

Maximum number of NHRP messages that can besent by this station in the given interval.

Max-send limit

Number of NHRP resolution request packetsoriginated from or received by this station.

Resolution Request

Number of NHRP resolution reply packets originatedfrom or received by this station.

Resolution Reply

Number of NHRP registration request packetsoriginated from or received by this station.

Registration Request

Number of NHRP registration reply packetsoriginated from or received by this station.

Registration Reply

Number of NHRP purge request packets originatedfrom or received by this station.

Purge Request

Number of NHRP purge reply packets originated fromor received by this station.

Purge Reply

Number of NHRP error packets originated from orreceived by this station.

Error Indication

Number of NHRP traffic indication packets (redirects)originated from or received by this station.

Traffic Indication


Enables NHRP conditional debugging.debug nhrp condition

Enables NHRP error level debugging.debug nhrp error


show ip masks through vrf DHCP poolshow ip nhrp traffic

show ip route dhcpTo display the routes added to the routing table by the Dynamic Host Configuration Protocol (DHCP) serverand relay agent, use the show ip route dhcp command in privileged EXEC configuration mode.

show ip route [vrf vrf-name] dhcp [ ip-address ]

Syntax Description (Optional) Specifies VPN routing and forwarding(VRF) instance.

vrf

(Optional) Name of the VRF.vrf-name

(Optional) Address about which routing informationshould be displayed.

ip-address

Command Default No default behavior or values

Command Modes Privileged EXEC





12.2SX

Usage Guidelines To display information about global routes, use the show ip route dhcp command. To display routes in theVRF routing table, use the show ip route vrf vrf-name dhcp command.

Examples The following is sample output from the show ip route dhcpcommand when entered without an address.This command lists all routes added by the DHCP server and relay agent.

Router# show ip route dhcp10.5.5.56/32 is directly connected, ATM0.210.5.5.217/32 is directly connected, ATM0.2


show ip masks through vrf DHCP poolshow ip route dhcp

The following is sample output from the show ip route dhcp command when an address is specified. Theoutput shows the details of the address with the server address (who assigned it) and the lease expiration time.

Router# show ip route dhcp 10.5.5.217

10.5.5.217 is directly connected, ATM0.2DHCP Server: 10.9.9.10 Lease expires at Nov 08 2001 01:19 PM

The following is sample output from the show ip route vrf vrf-name dhcpcommand when entered withoutan address:

Router# show ip route vrf abc dhcp10.5.5.218/32 is directly connected, ATM0.2

The following is sample output from the show ip route vrf vrf-name dhcpcommand when an address isspecified. The output shows the details of the address with the server address (who assigned it) and the leaseexpiration time.

Router# show ip route vrf red dhcp 10.5.5.21810.5.5.218/32 is directly connected, ATM0.2DHCP Server: 10.9.9.10 Lease expires at Nov 08 2001 03:15PM


Removes routes from the routing table added by theDHCP server and relay agent for the DHCP clientson unnumbered interfaces.

clear ip route dhcp


show ip masks through vrf DHCP poolshow ip route dhcp

show ip snatTo display active Stateful Network Address Translation (SNAT) translations, use the show ip snat commandin EXEC mode.

show ip snat [distributed [verbose]| peer ip-address]

Syntax Description (Optional) Displays information about the distributedNAT, including its peers and status.

distributed


verbose

(Optional) Displays TCP connection informationbetween peer routers.

peer ip-address

Command Modes EXEC



Examples The following is sample output from the show ip snat distributed command for stateful NAT connectedpeers:

Router# show ip snat distributedStateful NAT Connected PeersSNAT: Mode PRIMARY:State READY:Local Address 192.168.123.2:Local NAT id 100:Peer Address 192.168.123.3:Peer NAT id 200:Mapping List 10The following is sample output from the show ip snat distributed verbosecommand for stateful NATconnected peers:

Router# show ip snat distributed verboseSNAT: Mode PRIMARYStateful NAT Connected Peers:State READY:Local Address 192.168.123.2:Local NAT id 100:Peer Address 192.168.123.3:Peer NAT id 200


show ip masks through vrf DHCP poolshow ip snat

:Mapping List 10:InMsgs 7, OutMsgs 7, tcb 0x63EBA408, listener 0x0


show ip masks through vrf DHCP poolshow ip snat

show ip source bindingTo display IP-source bindings configured on the system, use the show ip source command command inprivileged EXEC mode.

show ip source binding [ ip-address ] [mac-address ] [dhcp-snooping| static] [vlan vlan-id] [interface typemod/port]

Syntax Description (Optional) Binding IP address.ip-address

(Optional) Binding MAC address.mac-address

(Optional) Specifies DHCP snooping binding entry.dhcp-snooping

(Optional) Specifies a static binding entry.static

(Optional) Specifies the Layer 2 VLAN identification;valid values are from 1 to 4094.

vlan vlan-id

(Optional) Interface type; possible valid values arefastethernet, gigabitethernet, tengigabitethernet,port-channel num, and vlan vlan-id.

interface type

Module and port number.mod / port

Command Default Both static and DHCP-snooping bindings are displayed.



This command was introduced.12.2(33)SXH

Usage Guidelines Each optional parameter is used to filter the display output.

Examples This example shows the output without entering any keywords:

Router# show ip source binding

MacAddress IpAddress Lease(sec) Type VLAN Interface------------------ --------------- ---------- ------------- ---- --------------------


show ip masks through vrf DHCP poolshow ip source binding

00:00:00:0A:00:0B 17.16.0.1 infinite static 10 FastEthernet6/1000:00:00:0A:00:0A 17.16.0.2 10000 dhcp-snooping 10 FastEthernet6/11This example shows how to display the static IP binding entry for a specific IP address:

Router# show ip source binding 17.16.0.1 0000.000A.000B static vlan 10 interfacegigabitethernet6/10MacAddress IpAddress Lease(sec) Type VLAN Interface------------------ --------------- ---------- ------------- ---- --------------------

00:00:00:0A:00:0B 17.16.0.1 infinite static 10 FastEthernet6/10

The table below describes the significant fields in the display.

Table 17: show ip source binding Field Descriptions

DescriptionField

Client hardware MAC address.MAC Address

Client IP address assigned from the DHCP server.IP Address

IP address lease time.Lease (seconds)

Binding type; static bindings configured from CLI todynamic binding learned from DHCP snooping.

Type

VLAN number of the client interface.VLAN

Interface that connects to the DHCP client host.Interface


Adds or deletes a static IP source binding entry.ip source binding

Enables or disables the per 12-port IP source guard.ip verify source vlan dhcp-snooping

Displays the IP source guard configuration and filterson a particular interface.

show ip verify source


show ip masks through vrf DHCP poolshow ip source binding

show ip verify sourceTo display the IP source guard configuration and filters on a particular interface, use the show ip verify sourcecommand in EXEC mode.

show ip verify source [interface type mod/port] [efp_id efp_id]

Syntax Description (Optional) Specifies the interface type; possible validvalues are fastethernet, gigabitethernet,tengigabitethernet, port-channel num, and vlanvlan-id.

interface type

Module and port number.mod / port

(Optional) Specifies the Ethernet flow point (EFP)(service instance) ID.

efp_id

EFP number; range is 1 to 8000.efp_id

Command Default This command has no default settings.

Command Modes EXEC (#)


This command was introduced.12.2(33)SXH

The efp_id efp_idkeyword and argument were added.12.2(33)SRD

Usage Guidelines Enable port security first because the DHCP security MAC filter cannot apply to the port or VLAN.

Examples This example shows the display when DHCP snooping is enabled on VLANs 10 to 20, the interface has IPsource filter mode that is configured as IP, and there is an existing IP address binding 10.0.0.1 on VLAN 10:

Router# show ip verify source interface gigabitethernet6/1Interface Filter-type Filter-mode IP-address Mac-address Vlan--------- ----------- ----------- --------------- -------------- ---------gi6/1 ip active 10.0.0.1 10gi6/1 ip active deny-all 11-20This example shows how to display the IP source guard configuration and filters on a specific interface:

Router# show ip verify source interface gigabitethernet6/1


show ip masks through vrf DHCP poolshow ip verify source

Interface Filter-type Filter-mode IP-address Mac-address Vlan--------- ----------- ----------- --------------- -------------- ---------gi6/1 ip inactive-trust-portThis example shows the display when the interface does not have a VLAN enabled for DHCP snooping:

Router# show ip verify source interface gigabitethernet6/3Interface Filter-type Filter-mode IP-address Mac-address Vlan--------- ----------- ----------- --------------- -------------- ---------gi6/3 ip inactive-no-snooping-vlanThis example shows the display when the interface has an IP source filter mode that is configured as IP MACand an existing IP MAC binds 10.0.0.2/aaaa.bbbb.cccc on VLAN 10 and 10.0.0.1/aaaa.bbbb.cccd on VLAN11:

Router# show ip verify source interface gigabitethernet6/4Interface Filter-type Filter-mode IP-address Mac-address Vlan--------- ----------- ----------- --------------- -------------- ---------gi6/4 ip-mac active 10.0.0.2 aaaa.bbbb.cccc 10gi6/4 ip-mac active 10.0.0.1 aaaa.bbbb.cccd 11gi6/4 ip-mac active deny-all deny-all 12-20This example shows the display when the interface has an IP source filter mode that is configured as IP MACand an existing IP MAC binding 10.0.0.3/aaaa.bbbb.ccce on VLAN 10, but port security is not enabled onthe interface:

Router# show ip verify source interface gigabitethernet6/5Interface Filter-type Filter-mode IP-address Mac-address Vlan--------- ----------- ----------- --------------- -------------- ---------gi6/5 ip-mac active 10.0.0.3 permit-all 10gi6/5 ip-mac active deny-all permit-all 11-20This example shows the display when the interface does not have IP source filter mode configured:

Router# show ip verify source interface gigabitethernet6/6DHCP security is not configured on the interface gi6/6.This example shows how to display all the interfaces on the switch that have DHCP snooping security enabled:

Router# show ip verify source

Interface Filter-type Filter-mode IP-address Mac-address Vlan--------- ----------- ----------- --------------- -------------- ---------gi6/1 ip active 10.0.0.1 10gi6/1 ip active deny-all 11-20gi6/2 ip inactive-trust-portgi6/3 ip inactive-no-snooping-vlangi6/4 ip-mac active 10.0.0.2 aaaa.bbbb.cccc 10gi6/4 ip-mac active 11.0.0.1 aaaa.bbbb.cccd 11gi6/4 ip-mac active deny-all deny-all 12-20gi6/5 ip-mac active 10.0.0.3 permit-all 10gi6/5 ip-mac active deny-all permit-all 11-20Router#This example shows how to display all the interfaces on the switch that have DHCP snooping security enabled:

Router# show ip verify source interface gi5/0/0 efp_id 10Interface Filter-type Filter-mode IP-address Mac-address Vlan EFPID--------- ----------- ----------- --------------- --------------------------- ----------Gi5/0/0 ip-mac active 123.1.1.1 00:0A:00:0A:00:0A 100 10

Gi5/0/0 ip-mac active 123.1.1.2 00:0A:00:0A:00:0B 100 20

Gi5/0/0 ip-mac active 123.1.1.3 00:0A:00:0A:00:0C 100 30




Adds or deletes a static IP source binding entry.ip source binding

Enables or disables the per l2-port IP source guard.ip verify source vlan dhcp-snooping

Displays the IP-source bindings configured on thesystem.

show ip source binding



show ipv6 dhcpTo display the Dynamic Host Configuration Protocol (DHCP) unique identifier (DUID) on a specified device,use the show ipv6 dhcp command in user EXEC or privileged EXEC mode.

show ipv6 dhcp






This command was modified. It was integrated into Cisco IOSRelease 12.2(33)SRE.

12.2(33)SRE

Usage Guidelines The show ipv6 dhcp command uses the DUID based on the link-layer address for both client and serveridentifiers. The device uses the MAC address from the lowest-numbered interface to form the DUID. Thenetwork interface is assumed to be permanently attached to the device. Use the show ipv6 dhcp commandto display the DUID of a device.

Examples The following is sample output from the show ipv6 dhcpcommand. The output is self-explanatory:

Router# show ipv6 dhcpThis device's DHCPv6 unique identifier(DUID): 000300010002FCA5DC1C


show ip masks through vrf DHCP poolshow ipv6 dhcp

show ipv6 dhcp bindingTo display automatic client bindings from the Dynamic Host Configuration Protocol (DHCP) for IPv6 serverbinding table, use the show ipv6 dhcp binding command in user EXEC or privileged EXEC mode.

show ipv6 dhcp binding [ ipv6-address ] [vrf vrf-name]

Syntax Description (Optional) The address of a DHCP for IPv6 client.ipv6-address

(Optional) Specifies a virtual routing and forwarding(VRF) configuration.

vrf vrf-name




This command was modified. Command output was updated to displaya PPP username associated with a binding.

12.4

This command was modified. Command output was updated to displayaddress bindings.

12.4(24)T


This command was modified. The vrf vrf-name keyword and argumentwere added.

15.1(2)S

This command was modified. The vrf vrf-name keyword and argumentwere added.


Usage Guidelines The show ipv6 dhcp binding command displays all automatic client bindings from the DHCP for IPv6 serverbinding table if the ipv6-address argument is not specified. When the ipv6-address argument is specified,only the binding for the specified client is displayed.

If the vrf vrf-namekeyword and argument combination is specified, all bindings that belong to the specifiedVRF are displayed.


show ip masks through vrf DHCP poolshow ipv6 dhcp binding

Examples The following sample output displays all automatic client bindings from the DHCP for IPv6 server bindingtable:

Router# show ipv6 dhcp bindingClient: FE80::A8BB:CCFF:FE00:300DUID: 00030001AABBCC000300Username : client_1Interface: Virtual-Access2.1IA PD: IA ID 0x000C0001, T1 75, T2 135Prefix: 2001:380:E00::/64

preferred lifetime 150, valid lifetime 300expires at Dec 06 2007 12:57 PM (262 seconds)

Client: FE80::A8BB:CCFF:FE00:300 (Virtual-Access2.2)DUID: 00030001AABBCC000300IA PD: IA ID 0x000D0001, T1 75, T2 135Prefix: 2001:0DB8:E00:1::/64

preferred lifetime 150, valid lifetime 300expires at Dec 06 2007 12:58 PM (288 seconds)


Table 18: show ipv6 dhcp binding Field Descriptions

DescriptionField

Address of a specified client.Client

DHCP unique identifier (DUID).DUID

First virtual client. When an IPv6 DHCP clientrequests two prefixes with the same DUID but adifferent identity association for prefix delegation(IAPD ) on two different interfaces, these prefixesare considered to be for two different clients, andinterface information is maintained for both.

Virtual-Access2.1

The username associated with the binding.Username : client_1

Collection of prefixes assigned to a client.IA PD

Identifier for this IAPD.IA ID

Prefixes delegated to the indicated IAPD on thespecified client.

Prefix

The preferred lifetime and valid lifetime settings, inseconds, for the specified client.

preferred lifetime, valid lifetime

Date and time at which the valid lifetime expires.Expires at



DescriptionField

Second virtual client. When an IPv6 DHCP clientrequests two prefixes with the same DUID butdifferent IAIDs on two different interfaces, theseprefixes are considered to be for two different clients,and interface information is maintained for both.

Virtual-Access2.2

When the DHCPv6 pool on the Cisco IOS DHCPv6 server is configured to obtain prefixes for delegationfrom an authentication, authorization, and accounting (AAA) server, it sends the PPP username from theincoming PPP session to the AAA server for obtaining the prefixes. The PPP username is associated with thebinding is displayed in output from the show ipv6 dhcp binding command. If there is no PPP usernameassociated with the binding, this field value is displayed as "unassigned."

The following example shows that the PPP username associated with the binding is "client_1":

Router# show ipv6 dhcp bindingClient: FE80::2AA:FF:FEBB:CCDUID: 0003000100AA00BB00CCUsername : client_1Interface : Virtual-Access2IA PD: IA ID 0x00130001, T1 75, T2 135Prefix: 2001:0DB8:1:3::/80

preferred lifetime 150, valid lifetime 300expires at Aug 07 2008 05:19 AM (225 seconds)

The following example shows that the PPP username associated with the binding is unassigned:

Router# show ipv6 dhcp bindingClient: FE80::2AA:FF:FEBB:CCDUID: 0003000100AA00BB00CCUsername : unassignedInterface : Virtual-Access2IA PD: IA ID 0x00130001, T1 150, T2 240Prefix: 2001:0DB8:1:1::/80

preferred lifetime 300, valid lifetime 300expires at Aug 11 2008 06:23 AM (233 seconds)


Deletes automatic client bindings from the DHCP forIPv6 binding table.

clear ipv6 dhcp binding



show ipv6 dhcp conflictTo display address conflicts found by a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) serverwhen addresses are offered to the client, use the show ipv6 dhcp conflict command in privileged EXECmode.

show ipv6 dhcp conflict [ ipv6-address ] [vrf vrf-name]

Syntax Description (Optional) The address of a DHCP for IPv6 client.ipv6-address

(Optional) Specifies a virtual routing and forwarding(VRF) configuration.

vrf vrf-name





This command was modified. The vrf vrf-name keyword andargument were added.

15.1(2)S

This command was modified. The vrf vrf-name keyword andargument were added.


This command was integrated into Cisco IOS XE Release 3.2SE.Cisco IOS XE Release 3.2SE

Usage Guidelines When you configure the DHCPv6 server to detect conflicts, it uses ping. The client uses neighbor discoveryto detect clients and reports to the server through a DECLINE message. If an address conflict is detected, theaddress is removed from the pool, and the address is not assigned until the administrator removes the addressfrom the conflict list.

Examples The following is a sample output from the show ipv6 dhcp conflict command. This command shows the pooland prefix values for DHCP conflicts.:

Router# show ipv6 dhcp conflictPool 350, prefix 2001:0DB8:1005::/48

2001:0DB8:1005::10


show ip masks through vrf DHCP poolshow ipv6 dhcp conflict


Clears an address conflict from the DHCPv6 serverdatabase.

clear ipv6 dhcp conflict


show ip masks through vrf DHCP poolshow ipv6 dhcp conflict

show ipv6 dhcp databaseTo display the Dynamic Host Configuration Protocol (DHCP) for IPv6 binding database agent information,use the show ipv6 dhcp database command in user EXEC or privileged EXEC mode.

show ipv6 dhcp database [ agent-URL ]

Syntax Description (Optional) A flash, NVRAM, FTP, TFTP, or remotecopy protocol (RCP) uniform resource locator.

agent-URL





Usage Guidelines Each permanent storage to which the binding database is saved is called the database agent. An agent can beconfigured using the ipv6 dhcp database command. Supported database agents include FTP and TFTPservers, RCP, Flash file system, and NVRAM.

The show ipv6 dhcp databasecommand displays DHCP for IPv6 binding database agent information. If theagent-URL argument is specified, only the specified agent is displayed. If the agent-URL argument is notspecified, all database agents are shown.

Examples The following is sample output from the show ipv6 dhcp databasecommand:

Router# show ipv6 dhcp databaseDatabase agent tftp://172.19.216.133/db.tftp:write delay: 69 seconds, transfer timeout: 300 secondslast written at Jan 09 2003 01:54 PM,

write timer expires in 56 secondslast read at Jan 06 2003 05:41 PMsuccessful read times 1failed read times 0successful write times 3172failed write times 2

Database agent nvram:/dhcpv6-binding:write delay: 60 seconds, transfer timeout: 300 secondslast written at Jan 09 2003 01:54 PM,

write timer expires in 37 secondslast read at neversuccessful read times 0failed read times 0successful write times 3325failed write times 0


show ip masks through vrf DHCP poolshow ipv6 dhcp database

Database agent flash:/dhcpv6-db:write delay: 82 seconds, transfer timeout: 3 secondslast written at Jan 09 2003 01:54 PM,write timer expires in 50 seconds

last read at neversuccessful read times 0failed read times 0successful write times 2220failed write times 614


Table 19: show ipv6 dhcp database Field Descriptions

DescriptionField

Specifies the database agent.Database agent

The amount of time (in seconds) to wait beforeupdating the database.

Write delay

Specifies how long (in seconds) the DHCP servershould wait before aborting a database transfer.Transfers that exceed the timeout period are aborted.

transfer timeout

The last date and time bindings were written to thefile server.

Last written

The length of time, in seconds, before the write timerexpires.

Write timer expires...

The last date and time bindings were read from thefile server.

Last read

The number of successful or failed read times.Successful/failed read times

The number of successful or failed write times.Successful/failed write times


Specifies DHCP for IPv6 binding database agentparameters.

ipv6 dhcp database


show ip masks through vrf DHCP poolshow ipv6 dhcp database

show ipv6 dhcp guard policyTo display Dynamic Host Configuration Protocol for IPv6 (DHCPv6) guard information, use the show ipv6dhcp guard policy command in privileged EXEC mode.

show ipv6 dhcp guard policy [ policy-name ]

Syntax Description (Optional) DHCPv6 guard policy name.policy-name



This command was introduced.15.2(4)S

Usage Guidelines If the policy-name argument is specified, only the specified policy information is displayed. If the policy-nameargument is not specified, information is displayed for all policies.

Examples The following is sample output from the show ipv6 dhcp guard guard command:

Router#show ipv6 dhcp guard policy

Dhcp guard policy: defaultDevice Role: dhcp clientTarget: Et0/3

Dhcp guard policy: test1Device Role: dhcp serverTarget: vlan 0 vlan 1 vlan 2 vlan 3 vlan 4Max Preference: 200Min Preference: 0Source Address Match Access List: acl1Prefix List Match Prefix List: pfxlist1

Dhcp guard policy: test2Device Role: dhcp relayTarget: Et0/0 Et0/1 Et0/2



show ip masks through vrf DHCP poolshow ipv6 dhcp guard policy

Table 20: show ipv6 dhcp guard Field Descriptions

DescriptionField

The role of the device. The role is either client, serveror relay.

Device Role

The name of the target. The target is either aninterface or a VLAN.

Target


Defines the DHCPv6 guard policy name.ipv6 dhcp guard policy


show ip masks through vrf DHCP poolshow ipv6 dhcp guard policy

show ipv6 dhcp-ldraTo display configuration details and statistics for a Lightweight DHCPv6 Relay Agent (LDRA), use the showipv6 dhcp-ldra command in user EXEC or privileged EXEC mode.

show ipv6 dhcp-ldra [statistics]

Syntax Description (Optional) Displays LDRA-related statistics.statistics


Privileged EXEC (#)


This command was introduced.15.1(2)SG

This commandwas integrated into Cisco IOSXERelease 3.4SG.Cisco IOS XE Release 3.4SG

Usage Guidelines Use this command to view the number and type of DHCPv6 packets received or processed, the number andtype of DHCPv6 messages dropped, error counters, and the interface state (client-facing trusted interface,server-facing interface, and so on).

You can also view LDRA configuration details, such as the type of LDRA configuration and the interface orVLAN where the LDRA is configured.

Examples The following sample output displays LDRA configuration details before initiating a DHCP session. Thefields in the example below are self-explanatory.

Device> enableDevice # show ipv6 dhcp-ldra statistics

DHCPv6 LDRA client facing statistics.

Messages received 0Messages sent 0Messages discarded 0

DHCPv6 LDRA server facing statistics.



show ip masks through vrf DHCP poolshow ipv6 dhcp-ldra

The following sample output displays LDRA configuration details after initiating a DHCP session. The fieldsin the example below are self-explanatory.Device> enable

Device # show ipv6 dhcp-ldra statistics

DHCPv6 LDRA client facing statistics.


Messages ReceivedSOLICIT 1REQUEST 1

Messages SentRELAY-FORWARD 2

DHCPv6 LDRA server facing statistics.


Messages ReceivedRELAY-REPLY 2

Messages SentADVERTISE 1REPLY 1

The following sample output displays LDRA configuration details. The fields in the example below areself-explanatory.

Device> enableDevice # show ipv6 dhcp-ldra

DHCPv6 LDRA is Enabled.DHCPv6 LDRA policy: client-facing-disable

Target: noneDHCPv6 LDRA policy: client-facing-trusted

Target: vlan 5DHCPv6 LDRA policy: client-facing-untrusted

Target: noneDHCPv6 LDRA policy: server-facing

Target: Gi1/0/7


Enables LDRA functionality on an access node.ipv6 dhcp-ldra

Enables LDRA functionality on a VLAN.ipv6 dhcp ldra attach-policy



DescriptionCommand

Enables LDRA functionality on an interface.ipv6 dhcp-ldra attach-policy



show ipv6 dhcp poolTo display Dynamic Host Configuration Protocol (DHCP) for IPv6 configuration pool information, use theshow ipv6 dhcp pool command in user EXEC or privileged EXEC mode.

show ipv6 dhcp pool [ poolname ]

Syntax Description (Optional) User-defined name for the local prefixpool. The pool name can be a symbolic string (suchas "Engineering") or an integer (such as 0).

poolname




Command output was updated to display address pools and prefix pools.12.4(24)T


This command was modified. It was integrated into Cisco IOS Release12.2(33)SRE.

12.2(33)SRE

This command was modified. It was integrated into Cisco IOS Release12.2(33)XNE.

12.2(33)XNE

Usage Guidelines Use the ipv6 dhcp pool command to create a configuration pool, and use the ipv6 dhcp server command toassociate the configuration pool with a server on an interface.

The show ipv6 dhcp pool command displays DHCP for IPv6 configuration pool information. If the poolnameargument is specified, only information on the specified pool is displayed. If the poolname argument is notspecified, information about all pools is shown.

Examples The following sample output displays DHCP for IPv6 configuration pool information:

Router# show ipv6 dhcp pool

DHCPv6 pool: svr-p1Static bindings:Binding for client 000300010002FCA5C01CIA PD: IA ID 00040002,Prefix: 3FFE:C00:C18:3::/72

preferred lifetime 604800, valid lifetime 2592000


show ip masks through vrf DHCP poolshow ipv6 dhcp pool

IA PD: IA ID not specified; being used by 00040001Prefix: 3FFE:C00:C18:1::/72

preferred lifetime 240, valid lifetime 54321Prefix: 3FFE:C00:C18:2::/72

preferred lifetime 300, valid lifetime 54333Prefix: 3FFE:C00:C18:3::/72

preferred lifetime 280, valid lifetime 51111Prefix from pool: local-p1, Valid lifetime 12345, Preferred lifetime 180DNS server: 1001::1DNS server: 1001::2Domain name: example1.netDomain name: example2.netDomain name: example3.net

Active clients: 2The table below describes the significant fields shown in the display.

Table 21: show ipv6 dhcp pool Field Descriptions

DescriptionField

The name of the pool.DHCPv6 pool: svr-p1

Identity association for prefix delegation (IAPD),which is a collection of prefixes assigned to a client.

IA PD

Identifier for this IAPD.IA ID

Prefixes to be delegated to the indicated IAPD on thespecified client.

Prefix

Lifetimes, in seconds, associated with the prefixstatically assigned to the specified client.

preferred lifetime, valid lifetime

IPv6 addresses of the DNS servers.DNS server

Displays the DNS domain search list.Domain name

Total number of active clients.Active clients


Configures a DHCP for IPv6 configurationinformation pool and enters DHCP for IPv6 poolconfiguration mode.

ipv6 dhcp pool

Enables DHCP for IPv6 service on an interface.ipv6 dhcp server


show ip masks through vrf DHCP poolshow ipv6 dhcp pool

show ipv6 dhcp interfaceTo display Dynamic Host Configuration Protocol (DHCP) for IPv6 interface information, use the show ipv6dhcp interface command in user EXEC or privileged EXEC mode.

show ipv6 dhcp interface [type number]

Syntax Description (Optional) Interface type and number. For moreinformation, use the question mark (?) online helpfunction.

type number




Command output was modified to allow relay agent information to bedisplayed on a specified interface if the relay agent feature is configuredon that interface.

12.3(11)T

Command output was updated to display interface address assignmentsand T1 and T2 renew/rebind times.

12.4(24)T


This command was modified. It was integrated into Cisco IOS Release12.2(33)SRE.

12.2(33)SRE

This command was modified. It was integrated into Cisco IOS Release12.2(33)XNE.

12.2(33)XNE

Usage Guidelines If no interfaces are specified, all interfaces on which DHCP for IPv6 (client or server) is enabled are shown.If an interface is specified, only information about the specified interface is displayed.

Examples The following is sample output from the show ipv6 dhcp interfacecommand. In the first example, thecommand is used on a router that has an interface acting as a DHCP for IPv6 server. In the second example,the command is used on a router that has an interface acting as a DHCP for IPv6 client:

Router1# show ipv6 dhcp interfaceEthernet2/1 is in server modeUsing pool: svr-p1


show ip masks through vrf DHCP poolshow ipv6 dhcp interface

Preference value: 20Rapid-Commit is disabled

Router2# show ipv6 dhcp interfaceEthernet2/1 is in client modeState is OPEN (1)List of known servers:Address: FE80::202:FCFF:FEA1:7439, DUID 000300010002FCA17400Preference: 20IA PD: IA ID 0x00040001, T1 120, T2 192Prefix: 3FFE:C00:C18:1::/72

preferred lifetime 240, valid lifetime 54321expires at Nov 08 2002 09:10 AM (54319 seconds)

Prefix: 3FFE:C00:C18:2::/72preferred lifetime 300, valid lifetime 54333expires at Nov 08 2002 09:11 AM (54331 seconds)

Prefix: 3FFE:C00:C18:3::/72preferred lifetime 280, valid lifetime 51111expires at Nov 08 2002 08:17 AM (51109 seconds)

DNS server: 1001::1DNS server: 1001::2Domain name: domain1.netDomain name: domain2.netDomain name: domain3.net

Prefix name is cli-p1Rapid-Commit is enabled


Table 22: show ipv6 dhcp interface Field Descriptions

DescriptionField

Displays whether the specified interface is in serveror client mode.

Ethernet2/1 is in server/client mode

The advertised (or default of 0) preference value forthe indicated server.

Preference value:

Displays the IPv6 general prefix pool name, in whichprefixes successfully acquired on this interface arestored.

Prefix name is cli-p1

The name of the pool that is being used by theinterface.

Using pool: svr-p1

State of the DHCP for IPv6 client on this interface."Open" indicates that configuration information hasbeen received.

State is OPEN

Lists the servers on the interface.List of known servers

Address and DHCP unique identifier (DUID) of aserver heard on the specified interface.

Address, DUID

Displays whether the rapid-commit keyword hasbeen enabled on the interface.

Rapid commit is disabled



The following example shows the DHCP for IPv6 relay agent configuration on FastEthernet interface 0/0,and use of the show ipv6 dhcp interface command displays relay agent information on FastEthernet interface0/0:

Router(config-if)# ipv6 dhcp relay destination FE80::250:A2FF:FEBF:A056 FastEthernet0/1Router# show ipv6 dhcp interface FastEthernet 0/0FastEthernet0/0 is in relay modeRelay destinations:FE80::250:A2FF:FEBF:A056 via FastEthernet0/1


Enables the DHCP for IPv6 client process and enablesrequests for prefix delegation through a specifiedinterface.

ipv6 dhcp client pd

Specifies a destination address to which clientmessages are forwarded and enables DHCP for IPv6relay service on the interface.

ipv6 dhcp relay destination

Enables DHCP for IPv6 service on an interface.ipv6 dhcp server



show ipv6 dhcp relay bindingTo display DHCPv6 Internet Assigned Numbers Authority (IANA) and DHCPv6 Identity Association forPrefix Delegation (IAPD) bindings on a relay agent, use the show ipv6 dhcp relay binding command in userEXEC or privileged EXEC mode.

show ipv6 dhcp relay binding [vrf vrf-name]

Syntax Description (Optional) Specifies a virtual routing and forwarding(VRF) configuration.

vrf vrf-name




This command was integrated into Cisco IOS XE Release 3.3S.Cisco IOS XE Release 3.3S

This command was modified. In addition to DHCPv6 IAPD bindings,DHCPv6 IANA bindings on a relay agent can be displayed.

15.2(1)S

This command was modified. In addition to DHCPv6 IAPD bindings,DHCPv6 IANA bindings on a relay agent can be displayed.


This commandwas implemented on Cisco uBR10012 and Cisco uBR7200series universal broadband devices.

12.2(33)SCF4

This command was integrated into Cisco IOS Release 15.3(3)M.15.3(3)M

Usage Guidelines If the vrf vrf-name keyword-argument pair is specified, all bindings belonging to the specified VRF aredisplayed.

Only the DHCPv6 IAPD bindings on a relay agent are displayed on the Cisco uBR10012 and CiscouBR7200 series universal broadband devices.

Note

Examples The following is sample output from the show ipv6 dhcp relay binding command:

Device# show ipv6 dhcp relay binding


show ip masks through vrf DHCP poolshow ipv6 dhcp relay binding

The following example shows output from the show ipv6 dhcp relay binding command with a specifiedVRF name on a Cisco uBR10012 universal broadband device:Device# show ipv6 dhcp relay binding vrf vrf1

Prefix: 2001:DB8:0:1:/64 (Bundle100.600)DUID: 000300010023BED94D31IAID: 3201912114lifetime: 600


Table 23: show ipv6 dhcp relay binding Field Descriptions

DescriptionField

IPv6 prefix for DHCP.Prefix

DHCP Unique Identifier (DUID) for the IPv6 relaybinding.

DUID

Identity Association Identification (IAID) for DHCP.IAID

Lifetime of the prefix, in seconds.lifetime


Clears a specific IPv6 address or IPv6prefix of a DHCP for IPv6 relay binding.

clear ipv6 dhcp relay binding


show ip masks through vrf DHCP poolshow ipv6 dhcp relay binding

show ipv6 dhcp routeTo display routes added by Dynamic Host Configuration Protocol for IPv6 (DHCPv6) on the DHCPv6 serverfor Internet Assigned Numbers Authority (IANA) and Identity Association for Prefix Delegation (IAPD), usethe show ipv6 dhcp route command in privileged EXEC mode.

show ipv6 dhcp route{vrf vrf-name}{*| ipv6-address| ipv6-prefix}

Syntax Description Specifies a virtual routing and forwarding (VRF)configuration.

vrf vrf-name

Displays all the DHCPv6 relay bindings.*

DHCPv6 address.ipv6-address

IPv6 prefix.ipv6-prefix





Examples The following is sample output from the show ipv6 dhcp route command:

Router# show ipv6 dhcp route vrf vrfname 2001:0DB8:3333:4::5/126


Adds routes for individually assignedIPv6 addresses on a relay or server.

ipv6 dhcp iana-route-add

Enables route addition by the DHCPv6relay and server for the delegated prefix.

ipv6 dhcp iapd-route-add


show ip masks through vrf DHCP poolshow ipv6 dhcp route

show ipv6 nat statisticsTo display Network Address Translation--Protocol Translation (NAT-PT) statistics, use the show iv6 natstatisticscommand in user EXEC or privileged EXEC mode.

show ipv6 nat statistics





Examples The following is sample output from the show ipv6 nat statisticscommand:

Router# show ipv6 nat statisticsTotal active translations: 4 (2 static, 2 dynamic; 2 extended)NAT-PT interfaces:Ethernet3/1, Ethernet3/3

Hits: 1 Misses: 1Expired translations: 0The table below describes the significant fields shown in the display.

Table 24: show ipv6 nat statistics Field Descriptions

DescriptionField

Number of translations active in the system. Thisnumber increments by one each time a translation iscreated and is decremented each time a translation iscleared or times out. Displays the numbers for eachtype of translation.

Total active translations

The interfaces, by type and number, that areconfigured to run NAT-PT translations.

NAT-PT interfaces


Hits


Misses


show ip masks through vrf DHCP poolshow ipv6 nat statistics

DescriptionField




Displays active NAT-PT translations.show ipv6 nat translations


show ip masks through vrf DHCP poolshow ipv6 nat statistics

show ipv6 nat translationsTo display active Network Address Translation--Protocol Translation (NAT-PT) translations, use the showip nat translations command in user EXEC or privileged EXEC mode.

show ipv6 nat translations [icmp| tcp| udp] [verbose]

Syntax Description (Optional) Displays detailed information aboutNAT-PT ICMP translation events.

icmp

(Optional) Displays detailed information aboutNAT-PT TCP translation events.

tcp

(Optional) Displays detailed information aboutNAT-PT User Datagram Protocol (UDP) translationevents.

udp


verbose




Examples The following is sample output from the show ip nat translations command. Two static translations havebeen configured between an IPv4 source address and an IPv6 destination, and vice versa.

Router# show ipv6 nat translationsProt IPv4 source IPv6 source

IPv4 destination IPv6 destination--- --- ---

192.168.123.2 2001::2--- --- ---

192.168.122.10 2001::10tcp 192.168.124.8,11047 3002::8,11047

192.168.123.2,23 2001::2,23udp 192.168.124.8,52922 3002::8,52922

192.168.123.2,69 2001::2,69udp 192.168.124.8,52922 3002::8,52922

192.168.123.2,52922 2001::2,52922--- 192.168.124.8 3002::8

192.168.123.2 2001::2--- 192.168.124.8 3002::8

--- ---


show ip masks through vrf DHCP poolshow ipv6 nat translations

--- 192.168.121.4 5001::4--- ---

The following is sample output that includes the verbose keyword:

Router# show ipv6 nat translations verboseProt IPv4 source IPv6 source

IPv4 destination IPv6 destination--- --- ---

192.168.123.2 2001::2create 00:04:24, use 00:03:24,

--- --- ---192.168.122.10 2001::10create 00:04:24, use 00:04:24,

tcp 192.168.124.8,11047 3002::8,11047192.168.123.2,23 2001::2,23create 00:03:24, use 00:03:20, left 00:16:39,

udp 192.168.124.8,52922 3002::8,52922192.168.123.2,69 2001::2,69create 00:02:51, use 00:02:37, left 00:17:22,

udp 192.168.124.8,52922 3002::8,52922192.168.123.2,52922 2001::2,52922create 00:02:48, use 00:02:30, left 00:17:29,

--- 192.168.124.8 3002::8192.168.123.2 2001::2create 00:03:24, use 00:02:34, left 00:17:25,

--- 192.168.124.8 3002::8--- ---create 00:04:24, use 00:03:24,

--- 192.168.121.4 5001::4--- ---create 00:04:25, use 00:04:25,


Table 25: show ipv6 nat translations Field Descriptions

DescriptionField

Protocol of the port identifying the address.Prot

The IPv4 or IPv6 source address to be translated.IPv4 source/IPv6 source

The IPv4 or IPv6 destination address.IPv4 destination/IPv6 destination

How long ago the entry was created (inhours:minutes:seconds).

create

How long ago the entry was last used (inhours:minutes:seconds).

use

Time before the entry times out (inhours:minutes:seconds).

left


Clears dynamic NAT-PT translations from thetranslation state table.

clear ipv6 nat translation



show logging ip access-listTo display information about the logging IP access list, use the show logging ip access-list command inprivileged EXEC mode.

show logging ip access-list {cache| config}

Syntax Description Displays information about all the entries in theOptimized ACL Logging (OAL) cache.

cache

Displays information about the logging IP access-listconfiguration.

config




Support for this command was introduced on the Supervisor Engine 720.12.2(17d)SXB

This command was changed to include the config keyword on theSupervisor Engine 720 only.

12.2(18)SXE


Usage Guidelines This command is supported on Cisco 7600 series routers that are configured with a Supervisor Engine 720only.

OAL is supported on IPv4 unicast traffic only.

Examples This example shows how to display all the entries in the OAL cache:

Router# show logging ip access-list cacheMatched flows:id prot src_ip dst_ip sport dport status counttotal lastlog--------------------------------------------------------------------------------------1 17 10.2.1.82 10.2.12.2 111 63 Permit 03906 2d02h2 17 10.2.1.82 10.2.12.2 1135 63 Permit 03906 2d02h3 17 10.2.1.82 10.2.12.2 2159 63 Permit 03906 2d02h


show ip masks through vrf DHCP poolshow logging ip access-list

4 17 10.2.1.82 10.2.12.2 3183 63 Permit 03906 2d02h5 17 10.2.1.82 10.2.12.2 4207 63 Permit 03906 2d02h6 17 10.2.1.82 10.2.12.2 5231 63 Deny 03906 2d02h7 17 10.2.1.82 10.2.12.2 6255 63 Deny 03906 2d02h8 17 10.2.1.82 10.2.12.2 7279 63 Permit 03906 2d02h9 17 10.2.1.82 10.2.12.2 8303 63 Permit 03906 2d02h10 17 10.2.1.82 10.2.12.2 9327 63 Permit 03905 2d02h11 17 10.2.1.82 10.2.12.2 10351 63 Permit 03905 2d02h12 17 10.2.1.82 10.2.12.2 11375 63 Permit 03905 2d02h13 17 10.2.1.82 10.2.12.2 12399 63 Deny 03905 2d02h14 17 10.2.1.82 10.2.12.2 13423 63 Permit 03905 2d02h15 17 10.2.1.82 10.2.12.2 14447 63 Deny 03905 2d02h16 17 10.2.1.82 10.2.12.2 15471 63 Permit 03905 2d02h17 17 10.2.1.82 10.2.12.2 16495 63 Permit 03905 2d02h18 17 10.2.1.82 10.2.12.2 17519 63 Permit 03905 2d02h19 17 10.2.1.82 10.2.12.2 18543 63 Permit 03905 2d02h20 17 10.2.1.82 10.2.12.2 19567 63 Permit 03905 2d02hNumber of entries: 20Number of messages logged: 112Number of packets logged: 11200Number of packets received for logging: 11200This example shows how to display information about the logging IP access-list configuration:

Router# show logging ip access-list configLogging ip access-list configurationMaximum number of cached entries: 8192Logging rate limiter: 0Log-update interval: 300Log-update threshold: 0Configured on input direction:

Vlan2Vlan1

Configured on output direction:Vlan2


Clears all the entries from the OAL cache and sendsthem to the syslog.

clear logging ip access-list cache

Configures the OAL parameters.logging ip access-list cache (global configuration)

Enables an OAL-logging cache on an interface thatis based on direction.

logging ip access-list cache (interfaceconfiguration)


show ip masks through vrf DHCP poolshow logging ip access-list

show mdns cacheTo display multicast Domain Name System (mDNS) cache information, use the showmdns cache commandin user EXEC or privileged EXEC mode.

show mdns cache [interface type number [detail] | [name record-name] [type record-type] [detail]]

Syntax Description (Optional) Displays mDNS cache information for thespecified interface.

interface type number

(Optional) Displays detailedmDNS cache informationfor the specified interface or record.

You can use the detail keyword for aspecific interface, record or type. You cannotuse it independently with the show mdnscache command.

Note

detail

(Optional) Displays mDNS cache information for thespecified record.

name record-name

(Optional) Displays mDNS cache information for thespecific record type.

type record-type

You can view mDNS cache information for a specific record type and record name by using thekeyword-argument pair combination name record-name type record-type.

Note


Privileged EXEC (#)


This command was introduced.15.2(1)E

This command was integrated into Cisco IOS Release 15.2(1)SY.15.2(1)SY

This command was integrated into Cisco IOS Release 15.5(2)S.15.5(2)S


show ip masks through vrf DHCP poolshow mdns cache

Examples The following sample output displays mDNS cache information :

Device> enableDevice# show mdns cache

mDNS CACHE=================================[<NAME>] [<TYPE>][<CLASS>] [<TTL>/Remaining] [Accessed] [If-index] [<RRRecord Data>]

_services._dns-sd._udp.local PTR IN 4500/4496 0 3 _ipp._tcp.local

_ipp._tcp.local PTR IN 4500/4496 1 3 printer1._ipp._tcp.local

printer1._ipp._tcp.local TXT IN 4500/4496 1 3 (1)''


Creates a service-list and applies a filter on theservice-list or associates a query for the service-list.

service-list mdns-sd

Displays mDNS request information.show mdns requests

DisplaysmDNS statistics for the specified service-list.show mdns statistics


show ip masks through vrf DHCP poolshow mdns cache

show mdns cache macTo display multicast Domain Name System (mDNS) cache information for a specific MAC address, use theshow mdns cache mac command in user EXEC or privileged EXEC mode.

show mdns cache mac mac-address [detail]

Syntax Description Displays mDNS cache information for the specifiedMAC address.

mac-address

(Optional) Displays detailedmDNS cache informationfor the specified MAC address.

detail


Privileged EXEC (#)



This command was integrated into the Cisco IOS XE 3.6E release.Cisco IOS XE 3.6E

Examples The following is sample output from the show mdns cache mac command:

Device> enableDevice# show mdns cache mac aabb.cc01.2c10

mDNS CACHE===================================

[<NAME>] [<TYPE>][<CLASS>][<TTL>/Remaining] [Accessed] [If-name] [Mac Address] [<RR Record Data>]_mdnsgateway._udp.local PTR IN1200/1200 1 0mdnsgateway-Et0/1._mdnsgateway._udp.local



show ip masks through vrf DHCP poolshow mdns cache mac

Table 26: show mdns cache mac Field Descriptions

DescriptionField

Service instance. The service instance is of thespecified service type.

[<NAME>]

Service type.[<TYPE>]

DNS class. IN refers to the internet class resourcerecord.

[<CLASS>]

Time to Live (TTL) value of the service.[<TTL>/Remaining]

Interface name.[If-name]

MAC address of the device.[Mac Address]

Resource record data. The data includes serviceinstance information and the interface name.

[<RR Record Data>]




Displays mDNS cache information for the device.show mdns cache

Displays mDNS service instance records in cache thatare statically registered.

show mdns cache static


show ip masks through vrf DHCP poolshow mdns cache mac

show mdns cache staticTo display multicast Domain Name System (mDNS) service instance records in cache that are staticallyregistered, use the show mdns cache static command in user EXEC or privileged EXEC mode.

show mdns cache static



Privileged EXEC (#)




Examples The following is sample output from the show mdns cache static command:

Device> enableDevice# show mdns cache static

mDNS CACHE===================================

[<NAME>] [<TYPE>][<CLASS>][<TTL>/Remaining] [Accessed] [If-name] [Mac Address] [<RR Record Data>]_mdnsgateway._udp.local PTR IN1200/1200 1 0mdnsgateway-Et0/1._mdnsgateway._udp.local_mdnsgateway._udp.local PTR IN600/600 1 0 mdnsgateway._mdnsgateway._udp.local


Table 27: show mdns cache static Field Descriptions

DescriptionField


[<NAME>]

Service type.[<TYPE>]


show ip masks through vrf DHCP poolshow mdns cache static

DescriptionField

DNS class. IN refers to the internet class resourcerecord.

[<CLASS>]



MAC address of the device.[Mac Address]

Resource record data. The data includes serviceinstance information and the interface name.

[<RR Record Data>]




Displays mDNS cache information for the device.show mdns cache

Displays mDNS cache information for a specificMAC address.

show mdns cache mac


show ip masks through vrf DHCP poolshow mdns cache static

show mdns requestsTo display multicast Domain Name System (mDNS) request information, use the show mdns requestscommand in privileged EXEC mode.

show mdns requests [detail | [type record-type] [name record-name]]

Syntax Description (Optional) Displays detailed mDNS requestinformation, including record name, record type, andrecord class.

detail

(Optional) Displays mDNS request information forthe specified record.

name record-name

(Optional) Displays mDNS request information fora specific record type.

For the record-type argument, you mustspecify one of these record types - PTR,SRV, A, or AAAA.

Note

type record-type




This command was integrated into the Cisco IOS XERelease 3.13SCisco IOS XE Release 3.15S

This command was integrated into Cisco IOS Release 15.5(2)S.15.5(2)S

Examples The following sample output displays detailed mDNS request information :

Device> enableDevice# show mdns requests detail

MDNS Outstanding Requests=================================Request name : _ipp._tcp.localRequest type : PTRRequest class : IN


show ip masks through vrf DHCP poolshow mdns requests




Displays mDNS cache information.show mdns cache



show ip masks through vrf DHCP poolshow mdns requests

show mdns service-typesTo display multicast Domain Name System (mDNS) service type information for device interfaces, use theshow mdns service-types command in user EXEC or privileged EXEC mode.

show mdns service-types [all | interface type number]

Syntax Description (Optional) Displays mDNS service type informationfor all device interfaces.

all

(Optional) Displays mDNS service type informationfor the specified interface.



Privileged EXEC (#)




Examples The following is sample output from the show mdns service-types command:

Device> enableDevice# show mdns service-types

mDNS SERVICES=================================[<NAME>] [<TTL>/Remaining] [If-name]

_ipp._tcp.local 4500/4496


Table 28: show mdns service-types Field Descriptions

DescriptionField


[<NAME>]


show ip masks through vrf DHCP poolshow mdns service-types

DescriptionField









show ip masks through vrf DHCP poolshow mdns service-types

show mdns statisticsTo display multicast Domain Name System (mDNS) statistics, use the show mdns statistics command inuser EXEC or privileged EXEC mode.

showmdns statistics {all | interface type number | service-list name | [cache | service-policy] {all | interfacetype number} | services orderby providers}

Syntax Description Displays mDNS statistics for the device orservice-policy.

all

Displays mDNS statistics or service-policy statisticsfor the specified interface.


DisplaysmDNS statistics for the specified service-list.service-list name

Displays mDNS cache statistics.cache

Displays mDNS service-policy statistics.service-policy

Displays the number of services learnt from eachclient. The services are displayed in the descendingorder; the client from which most number of servicesare learnt is displayed first on the list, and so on.

services orderby providers


Privileged EXEC (#)



This command was modified. The keyword-argument pair service-listname and the option to display mDNS statistics for an interface wereadded. The keywords cache and services orderby providerswere added.

15.2(2)E



This command was integrated into the Cisco IOS XE Release 3.15SCisco IOS XE Release 3.15S

This command was integrated into Cisco IOS 15.5(2)S Release.15.5(2)S


show ip masks through vrf DHCP poolshow mdns statistics

Usage Guidelines The all keyword can be used in two forms of the show mdns statistics command. You can view mDNSstatistics for the device using the show mdns statistics all command form. To view service-policy statistics,use the show mdns statistics service-policy all command form.

The keyword-argument pair interface type number can be used in two forms of the show mdns statisticscommand. To display mDNS statistics for a specific interface, use the show mdns statistics interface typenumber command form. To display service-policy statistics for a specific interface, use the show mdnsstatistics service-policy interface type number command form.

Examples The following sample output displays detailed mDNS statistics:

Device> enableDevice# show mdns statistics all

mDNS Statistics=================================mDNS packets sent : 0mDNS packets received : 31mDNS packets dropped : 8mDNS cache memory in use: 64264(bytes)




Displays mDNS cache information.show mdns cache



show ip masks through vrf DHCP poolshow mdns statistics

show nat64To display Network Address Translation 64 (NAT64) information, use the show nat64 command in userEXEC or privileged EXEC mode.

show nat64 {logging| services| timeouts| reconciliation| replications}

Syntax Description Displays NAT64 logging information.logging

Displays NAT64 services information.services

Displays statistics for a NAT64 translation sessiontimeout.

timeouts

Displays NAT64 reconciliation information.reconciliation

Displays NAT64 replication information.replications


Privileged EXEC(#)



This commandwas modified. The reconciliation and replicationskeywords were added.


This command was integrated into Cisco IOS Release 15.4(1)T15.4(1)T

Usage Guidelines NAT64 supports logging of information about all NAT sessions that are created and deleted. All event entriesthat are logged have a time stamp. Use the output of this command verify your NAT64 configuration.

The output of the show nat64 reconciliation command displays information about Forwarding Processor(FP) switchovers. Whenever an FP does a switchover, the Route Processor (RP) and the newly active FP audittheir own configuration and alias data to ensure that the RP and the newly active FP are synchronized.

Replication indicates whether the traffic to a port is replicated or not. The show nat64 replications commanddisplays the state of any port that needs to be treated specially for replication. By default, HTTP (port 80)sessions are not synchronized.


show ip masks through vrf DHCP poolshow nat64

Examples The following is sample output from the show nat64 logging command:

Device# show nat64 logging

NAT64 Logging TypeMethod Protocol Dst. Address Dst. Port Src. Port

translationflow export UDP 10.1.1.1 5000 60087


Table 29: show nat64 logging Field Descriptions

DescriptionField

Method used for logging records. Depending on your release,only flow export is supported.

Method

Protocol used for translation.Protocol

Destination IPv4 address of the external collector that isconfigured for logging records.

Dst. Address

Destination port of the external collector that is configured forlogging records.

Dst. Port

Source port from where logging records are sent out on thenetwork.

Src. Port

The following is sample output from the show nat64 services command:

Device# show nat64 services

NAT64 Services

ftpUDP Enabled: TRUETCP Enabled: TRUEService DefinitionProtocol: 6 Port: 21


Table 30: show nat64 services Field Descriptions

DescriptionField

Indicates whether the service translation is enabledby default for UDP packets if the protocol issupported by the service definition.

UDP Enabled



DescriptionField

Indicates whether the service translation is enabledby default for TCP packets if the protocol is supportedby the service definition.

TCP Enabled

Definition of the service (the Protocol and Port fieldsfor which packets are considered a match to the givenservice).

Service Definition

The following is sample output from the show nat64 timeouts command:

Device# show nat64 timeouts

NAT64 TimeoutSeconds CLI Cfg Uses 'All' all flows86400 FALSE FALSE udp300 FALSE TRUE tcp7200 FALSE TRUE tcp-transient240 FALSE FALSE icmp60 FALSE TRUE


Table 31: show nat64 timeouts Field Descriptions

DescriptionField

NAT64 timeout, in seconds.Seconds

Indicates whether the timeout is explicitly configuredthrough the CLI. The timeout values configuredthrough the CLI change the default timeout values.

CLI Cfg

The following is sample output from the show nat64 reconciliation command:Device# show nat64 reconciliation

Reconciliation Info

Start updates received: 0End updates received: 0Last update received: --- (2)


Table 32: show nat64 reconciliation Field Descriptions

DescriptionField

Indicates the number of synchronization events that arestarted.

Start updates received



DescriptionField

Indicates the number of synchronization events that arecompleted.

End updates received

Indicates which event was received last—the start or endevent.

Last updated received

The following is sample output from the show nat64 replications command:Device# show nat64 replications

Replications configured for http: 1

NAT64 Replications (ports not shown have replication enabled)Traffic Type Port Replication User-Configured

http 80 disable FALSEThe table below describes the significant fields shown in the display.

Table 33: show nat64 reconciliation Field Descriptions

DescriptionField

Type of traffic.Traffic type

Layer 4 port of the traffic.Port

Indicates whether the traffic will be replicated or not. Valid valuesare enable (replicated) or disable (not replicated).

Replication

Indicates whether the replication is because of the default behavior(FALSE) of the traffic or user configuration (TRUE).

User-Configured


Enables NAT64 logging.nat64 logging

Enables NAT64 FTP service.nat64 service ftp

Enables NAT64 translation.nat64 translation



show nat64 adjacencyTo display information about the stateless Network Address Translation 64 (NAT64) managed adjacencies,use the show nat64 adjacency command in user EXEC or privileged EXEC mode.

show nat64 adjacency {all| count| ipv4| ipv6}

Syntax Description Displays all adjacencies.all

Displays the adjacency count.count

Displays IPv4 adjacencies.ipv4

Displays IPv6 adjacencies.ipv6


Privileged EXEC (#)



This command was integrated into Cisco IOS Release 15.4(1)T.15.4(1)T

Usage Guidelines An adjacency is a node that can be reached by one Layer 2 hop. The stateless NAT64 adjacencies includeadjacency addresses and the total number of adjacencies.

Examples The following is sample output from the show nat64 adjacency all command:

Device# show nat64 adjacency all

Adjacency CountsIPv4 Adjacencies: 2IPv6 Adjacencies: 1Stateless Prefix Adjacency Ref Count: 1AdjacenciesIPv6 Adjacencies

::42IPv4 Adjacencies

0.0.19.137 (5001)0.0.19.140 (5004)



show ip masks through vrf DHCP poolshow nat64 adjacency

Table 34: show nat64 adjacency all Field Descriptions

DescriptionField

Count of all adjacencies.Adjacency Counts

Types of adjacencies.Adjacencies


Enables stateless NAT64 on an interface.nat64 enable


show ip masks through vrf DHCP poolshow nat64 adjacency

show nat64 aliasesTo display the IP aliases created by Network Address Translation 64 (NAT64), use the show nat64 aliasescommand in user EXEC or privileged EXEC mode.

show nat64 aliases [range lower-address-range upper-address-range]

Syntax Description (Optional) Displays information about the IP aliasesin a given range.

range

(Optional) IPv4 lower address range.lower-address-range

(Optional) IPv4 upper address range.upper-address-range


Privileged EXEC (#)




Usage Guidelines An alias is an address (examples of an address are pool addresses and static mapping addresses) for whichthe router sends an Address Resolution Protocol (ARP) request even though the address is not configured onan interface. NAT64maintains a database of all the addresses for which an ARP request is sent. These addressesare inserted in the database as IP aliases when they exist on the subnet of an interface address.

Examples The following is sample output from the show nat64 aliases command:

Device# show nat64 aliases

Aliases configured: 1

Address Table ID Inserted Flags Send ARP Reconcilable Stale Ref-Count

10.1.1.1 0 FALSE 0x0030 FALSE TRUE FALSE 1



show ip masks through vrf DHCP poolshow nat64 aliases

Table 35: show nat64 aliases Field Descriptions

DescriptionField

The number of NAT64 addresses for which an IPalias is configured.

Aliases configured

IPv4 address of the alias.Address

VPN routing and forwarding (VRF) table ID that isassociated with the alias.

Table ID

Indicates whether the alias is currently inserted as anIP alias.

Inserted

Indicates whether an ARP request is sent. Valid valuesare TRUE or FALSE.

Send ARP


Enables NAT64 on an interface.nat64 enable


show ip masks through vrf DHCP poolshow nat64 aliases

show nat64 ha statusTo display information about the stateless Network Address Translation 64 (NAT64) high availability (HA)status, use the show nat64 ha statuscommand in user EXEC or privileged EXEC mode.

show nat64 ha status





Examples The following is sample output from the show nat64 ha status command:

Router# show nat64 ha statusNAT64 HA StatusRole: activePeer is ready: TRUEPeer is compatible: TRUESynchronization enabled: TRUEIs hot (standby): FALSEBulk sync PID: NO_PROCESSISSU negotiation status: IPC, CFISSU context IDs: IPC(198), CF(197)Synchronization capabilities: 0x00000001Adjacency mappings: TRUECF info: handle(0x0000011B), peer ready(TRUE),flow control(TRUE)(FALSE)(0x0)Initialized: HA(TRUE) ISSU(TRUE)Message stats:Adjacency mapping: rx(0) tx(5001) tx err(0)Bulk sync done: rx(0) tx(1) tx err(0)Errors:Bulk sync: 0CF tx: 0


Table 36: show nat64 ha status Field Descriptions

DescriptionField

Status of stateless NAT64 HA.NAT64 HA Status

Status of the messages.Message stats

Types of errors.Errors


show ip masks through vrf DHCP poolshow nat64 ha status


Clears stateless NAT64 HA statistics.clear nat64 ha statistics



show ip masks through vrf DHCP poolshow nat64 ha status

show nat64 limitsTo display Network Address Translation 64 (NAT64) limits, use the show nat64 limits command in userEXEC or privileged EXEC mode.

show nat64 limits



Privileged EXEC (#)




Usage Guidelines The show nat64 limits command displays the configuredmaximum limit for the number of entries that NAT64translates.

Examples The following is sample output from the show nat64 limits command:

Device# show nat64 limits

NAT64 Limit Max Entries Is Configured

global 200 TRUE


Table 37: show nat64 limits Field Descriptions

DescriptionField

Indicates whether the NAT64 translation limit isconfigured globally or on an interface.

NAT64 Limit

The maximum number of entries that NAT64translates.

Max Entries

Indicates whether the maximum limit is configured.Valid values are True or False.

Is Configured


show ip masks through vrf DHCP poolshow nat64 limits





show ip masks through vrf DHCP poolshow nat64 limits

show nat64 map-tTo display Network Address Translation 64 (NAT64) mapping of addresses and ports (MAP-T) information,use the show nat64 map-t command in privileged EXEC mode.

show nat64 map-t [domain number]

Syntax Description Displays MAP-T information for a specific domain.Valid values for the number argument are from 1 to128.

domain number




Usage Guidelines MAP-T or Mapping of address and port (MAP) double stateless translation-based solution (MAP-T) providesIPv4 hosts connectivity to and across an IPv6 domain. MAP-T builds on existing stateless IPv4/IPv6 addresstranslation techniques that are specified in RFC 6052, RFC 6144, and RFC 6145.

Examples The following is sample output from the show nat64 map-t domaincommand:Device# show nat64 map-t domain 89

MAP-T Domain 89Mode MAP-TDefault-mapping-rule

Ip-v6-prefix ::/0Basic-mapping-rule

Ip-v6-prefix ::/0Ip-v4-prefix 10.1.1.1/32Port-parameters

Share-ratio 34 Contiguous-ports 64 Start-port 3455Share-ratio-bits 6 Contiguous-ports-bits 6 Port-offset-bits 4

The


Configures NAT64 MAP-T settingsnat64 map-t


show ip masks through vrf DHCP poolshow nat64 map-t

show nat64 mappings dynamicTo display the Network Address Translation 64 (NAT64) dynamic mappings, use the show nat64 mappingsdynamic command in user EXEC or privileged EXEC mode.

show nat64 mappings dynamic [list acl-name | pool pool-name]

Syntax Description (Optional) Displays the mappings of a specifiedaccess list.

list acl-name

(Optional) Displays the mappings of a specified pool.pool pool-name


Privileged EXEC (#)




Usage Guidelines Dynamic one-to-onemapping is used to map IPv6 hosts from a pool of available IPv4 addresses on a first-comefirst-served basis. The dynamic one-to-one configuration is deployed when the number of IPv6 hosts is fewand an equal or greater number of public IPv4 addresses are available. For dynamic binds, the mapping isalways between an IPv4 address and an IPv6 address.

Examples The following is sample output from the show nat64 mappings dynamic command:

Device# show nat64 mappings dynamic

Dynamic mappings configured: 1

Direction ACL Pool Flags

v6v4 mylist mypool 0x00000000 (none)



show ip masks through vrf DHCP poolshow nat64 mappings dynamic

Table 38: show nat64 mappings dynamic Field Descriptions

DescriptionField

The number of dynamic mappings configured.Dynamic mappings configured

The direction in which the dynamic mapping isconfigured.

Direction

Access list name.ACL

Name of the pool.Pool


Translates an IPv4 source address to an IPv6 sourceaddress and an IPv6 destination address to an IPv4destination address for NAT64.

nat64 v4v6

Translates an IPv6 source address to an IPv4 sourceaddress and an IPv4 destination address to an IPv6destination address for NAT64.

nat64 v6v4


show ip masks through vrf DHCP poolshow nat64 mappings dynamic

show nat64 poolsTo display the IPv4 address pools for dynamic Network Address Translation 64 (NAT64) mapping, use theshow nat64 pools command in user EXEC or privileged EXEC mode.

show nat64 pools [name pool-name| range lower-address-range upper-address-range] [routes]

Syntax Description (Optional) Displays information about the configuredaddress pools listed by the pool name.

name pool-name

(Optional) Displays information about address poolswithin a provided address range.

range

(Optional) IPv4 lower address range.lower-address-range

(Optional) IPv4 upper address range.upper-address-range

(Optional) Displays static routes for a given pool.routes


Privileged EXEC (#)




Usage Guidelines Pools allow you to specify an IPv4 address range that is used for dynamic mapping of objects. Only IPv4address pools and one contiguous address range per pool object is supported in Cisco IOS XE Release 3.4S.When a pool is created, a static route is installed for all addresses in the pool range.

Examples The following is sample output from the show nat64 pools command:

Device# show nat64 pools

Pools configured: 1

Protocol Name Is Single Range Ranges

IPv4 mypool TRUE (10.1.1.1 - 10.1.1.10) 10.1.1.1 - 10.1.1.10


show ip masks through vrf DHCP poolshow nat64 pools


Table 39: show nat64 pools Field Descriptions

DescriptionField

Name of the protocol.Protocol

Name of the configured pool.Name

Indicates whether the pool contains a single addressrange or multiple address ranges. The value of therange is displayed.

In Cisco IOS XE Release 3.4S only a single addressrange is supported.

Is Single

IPv4 address range.Range

All address ranges for the pool.

In Cisco IOS XE Release 3.4S only a single addressrange is supported.

Ranges



Enables NAT64 IPv4 configuration.nat64 v4


show ip masks through vrf DHCP poolshow nat64 pools

show nat64 prefix statefulTo display information about Network Address Translation 64 N(AT64) stateful prefixes, use the show nat64prefix stateful command in user EXEC or privileged EXEC mode.

show nat64 prefix stateful {global| {interfaces| static-routes} [prefix ipv6-address/prefix-length]}

Syntax Description Displays information about global prefixes.global

Displays information about the configured interfaces.interfaces

(Optional) Displays information about interfaces thatuse a prefix.

prefix

(Optional) IPv6 network number to include in routeradvertisements. This argument must be in the formdocumented in RFC 2373 where the address isspecified in hexadecimal using 16-bit values betweencolons.

ipv6-address

(Optional) Length of the IPv6 prefix. Prefix length isa decimal value that indicates how many of thehigh-order contiguous bits of the address comprisethe prefix (the network portion of the address). Aslash mark must precede the decimal value. Validvalues are from 0 to 128.

/prefix-length

Displays information about prefix static routes.static-routes


Privileged EXEC (#)




Usage Guidelines A maximum of one global stateful prefix and one stateful prefix per interface is supported. NAT64 uses theconfigured stateful prefix to algorithmically translate the IPv4 addresses of the IPv4 hosts to and from IPv6addresses. If a global stateful prefix or an interface stateful prefix is not configured, the Well Known Prefix(WKP) of 64:ff9b::/96 is used to translate the IPv4 address of the IPv4 host.


show ip masks through vrf DHCP poolshow nat64 prefix stateful

Examples The following is sample output from the show nat64 prefix stateful global command:

Device# show nat64 prefix stateful global

Global Stateful Prefix: is valid, 2001:DB8::/96

IFs Using Global Prefix Gi0/1/0

The following is sample output from the show nat64 prefix stateful interfaces command:Device# show nat64 prefix stateful interfaces

Stateful Prefixes

Interface NAT64 Enabled Global Prefix

GigabitEthernet0/1/0 TRUE TRUE 2001:DB8:1:1/96GigabitEthernet0/1/3 TRUE FALSE 2001:DB8:2:2/96

The following is sample output from the show nat64 prefix stateful static-routes command:Device# show nat64 prefix stateful static-routes

Stateful Prefixes

NAT64 Prefix Static Route Ref-Count

2001:DB8:1:1/96 12001:DB8:2:1/96 1


Table 40: show nat6 prefix stateful Field Descriptions

DescriptionField

Lists the interfaces that are using the specified globalprefix.

IFs Using Global Prefix

Information on whether NAT64 is enabled on a route.TRUE if enabled and FALSE if not enabled.

Enabled

IPv6 static route that is configured to route packets.Static Route


Configures a prefix and prefix length for statefulNAT64.

nat64 prefix stateful


show ip masks through vrf DHCP poolshow nat64 prefix stateful

show nat64 prefix statelessTo display information about the configured Network Address Translation 64 (NAT64) stateless prefixes,use the show nat64 prefix statelesscommand in user EXEC or privileged EXEC mode.

show nat64 prefix stateless {global| {interfaces| static-routes} [prefix ipv6-prefix/prefix-length]}

Syntax Description Displays the global stateless prefixes.global

Displays the interfaces and the stateless prefixes usedby the interfaces.

interfaces

(Optional) Displays the interfaces that are using aspecific stateless prefix.

prefix

Displays the static routes that are using the statelessprefix.

static-routes


ipv6-prefix

(Optional) Length of the IPv6 prefix. Prefix length isa decimal value that indicates how many of thehigh-order contiguous bits of the address comprisethe prefix (the network portion of the address). Aslash mark must precede the decimal value. Validvalues are from 0 to 128.

/ prefix-length


Privileged EXEC (#)




Usage Guidelines The output of the show nat64 prefix stateless command displays the interfaces that use a specific prefix andthe number of prefixes that use a static route.


show ip masks through vrf DHCP poolshow nat64 prefix stateless

Examples The following is sample output from the show nat64 prefix stateless globalcommand:

Device# show nat64 prefix stateless globalGlobal Prefix: is valid, 2001::/96IFs Using Global Prefix

Fa0/3/4Fa0/3/5


Table 41: show nat64 prefix stateless global Field Descriptions

DescriptionField

IPv6 stateless prefix configured at the global level.Global Prefix

Lists the interfaces that are using the specified globalprefix.

IFs Using Global Prefix

The following is sample output from the show nat64 prefix stateless interfacescommand.

Device# show nat64 prefix stateless interfaces

Interface NAT64 Enabled Global Stateless PrefixFastEthernet0/3/4 TRUE FALSE 2001::/96


Table 42: show nat64 prefix stateless interfaces Field Descriptions

DescriptionField

Interface name and number.Interface

Information on whether NAT64 is enabled on a route.TRUE if enabled and FALSE if not enabled.

NAT64 Enabled

Information on whether a global prefix is used. TRUEif the global prefix is used and FALSE if the interfaceprefix is used.

Global

Stateless prefix used for NAT64 translation.Stateless Prefix

The following is sample output from the show nat64 prefix stateless static-routescommand. The outputfields are self-explanatory.

Device# show nat64 prefix stateless static-routes

Stateless Prefix Static Route Ref Count2001::/96 1




Assigns a global or interface-specific NAT64 statelessprefix.

nat64 prefix



show nat64 routesTo display information about the configured Network Address Translation 64 (NAT64) routes, use the shownat64 routescommand in privileged EXEC mode.

show nat64 routes [adjacency address| interface type number| prefix prefix-length]

Syntax Description (Optional) Displays the route for an adjacencyaddress.

adjacency

(Optional) Adjacency address for lookup.address

(Optional) Displays routes pointing to an interface.interface

(Optional) Interface type. For more information, usethe question mark (?) online help function.

type

(Optional) Interface or subinterface number. For moreinformation about the numbering syntax for yournetworking device, use the question mark (?) onlinehelp function.

number

(Optional) Displays the route of an IPv4 prefix.prefix

(Optional) Length of the IPv4 prefix. A decimal valuethat indicates howmany of the high-order contiguousbits of the address comprise the prefix (the networkportion of the address).

prefix-length


Privileged EXEC (#)



This command was integrated into Cisco IOS Release 154(1)T.15.4(1)T

Usage Guidelines The output of the show nat64 routes command displays the stateless prefix and adjacency used by the routesand information on whether the routes are enabled.


show ip masks through vrf DHCP poolshow nat64 routes

Examples The following is sample output from the show nat64 routes command:

Device# show nat64 routesIPv4 Prefix Adj. Address Enabled Output IF Global IPv6 Prefix192.0.2.1/24 0.0.19.137 FALSE Fa0/3/4198.51.100.253/24 0.0.19.140 TRUE Fa0/3/0 FALSE 3001::/96


Table 43: show nat64 routes Field Descriptions

DescriptionField

Prefix used by the IPv4 address.IPv4 Prefix

Adjacency address.Adj. Address

Information about whether NAT64 is enabled on aroute. TRUE if enabled and FALSE if not enabled.

Enabled

Output interfaces.Output IF

Information about whether a global prefix is used.TRUE if the global prefix is used and FALSE if theinterface prefix is used.

Global


Specifies the NAT64 stateless prefix to which an IPv4prefix should be translated.

nat64 route


show ip masks through vrf DHCP poolshow nat64 routes

show nat64 servicesTo display the Network Address Translation (NAT64) services, use the show nat64 services command inuser EXEC or privileged EXEC mode.

show nat64 services




Privileged EXEC (#)




Usage Guidelines Cisco IOS XE Release 3.4S supports only FTP service.

Examples The following is sample output from the show nat64 services command:

Device# show nat64 services

NAT64 Services

ftpUDP Enabled: TRUETCP Enabled: TRUEService DefinitionProtocol: 6 Port: 21


Table 44: show nat64 services Field Descriptions

DescriptionField

Indicates whether service translation is enabled bydefault for UDP packets, if the protocol is supportedby the service definition.

UDP Enabled


show ip masks through vrf DHCP poolshow nat64 services

DescriptionField

Indicates whether the service translation is enabledby default for TCP packets, if the protocol issupported by the service definition.

TCP Enabled

The definition of the service (the protocol and portfields for which packets are considered a match tothe given service).

Service Definition


Enables NAT64 FTP service.nat64 service ftp


show ip masks through vrf DHCP poolshow nat64 services

show nat64 statisticsTo display Network Address Translation 64 (NAT64) packet count statistics, use the show nat64statisticscommand in user EXEC or privileged EXEC mode.

show nat64 statistics [global| interface type number| limit|mapping dynamic[acl acl-name pool pool-name| poolpool-name]| prefixstateful ipv6-prefix/prefix-length | stateless ]

Syntax Description (Optional) Displays global NAT64 statistics.global

(Optional) Displays statistics for an interface.interface

(Optional) Interface type. For more information, usethe question mark (?) online help function.

type

(Optional) Interface or subinterface number. For moreinformation about the numbering syntax for yournetworking device, use the question mark (?) onlinehelp function.

number

(Optional) Clears the statistics for a specific limit.<what is the limit?>

limit

(Optional) Displays statistics for a specified prefix.prefix


ipv6-prefix

(Optional) Length of the IPv6 prefix. A decimal valuethat indicates howmany of the high-order contiguousbits of the address comprise the prefix (the networkportion of the address). A slash mark must precedethe decimal value. The valid values are from 0 to 128.

/ prefix-length


Privileged EXEC (#)




show ip masks through vrf DHCP poolshow nat64 statistics

ModificationRelease


Usage Guidelines The output of the show nat64 statistics command displays the interfaces configured for stateless NAT64 andthe packets that were translated or dropped.

Examples The following is sample output from the show nat64 statistics command:

Device# show nat64 statistics

NAT64 Statistics

Total active translations: 3 (1 static, 2 dynamic; 1 extended)Sessions found: 518938Sessions created: 2Expired translations: 1Global Stats:

Packets translated (IPv4 -> IPv6)Stateless: 30Stateful: 259469


Interface StatisticsGigabitEthernet0/1/0 (IPv4 configured, IPv6 not configured):



Packets dropped: 0GigabitEthernet0/1/3 (IPv4 not configured, IPv6 configured):



Packets dropped: 0Dynamic Mapping Statistics

v6v4access-list mylist pool mypool refcount 2

pool mypool:start 34.1.1.1 end 34.1.1.1total addresses 1, allocated 1 (100%)address exhaustion packet count 0

Limit Statisticsmax entry: max allowed 200, used 2, packets exceeded 0


Table 45: show nat64 statistics Field Descriptions

DescriptionField

Statistics of all the NAT64 interfaces.Global Stats



DescriptionField

Number of packets translated from IPv4 to IPv6 andvice versa.

Packets translated

Number of packets dropped. The packets that are nottranslated are dropped.

Packets dropped





show nat64 timeoutsTo display the Network Address Translation 64 (NAT64) translation session timeout, use the show nat64timeouts command in user EXEC or privileged EXEC mode.

show nat64 timeouts




Privileged EXEC (#)




Examples The following is sample output from the show nat64 timeouts command:

Device# show nat64 timeouts

NAT64 TimeoutSeconds CLI Cfg Uses 'All' all flows86400 FALSE FALSE udp300 FALSE TRUE tcp7200 FALSE TRUE tcp-transient240 FALSE FALSE icmp60 FALSE TRUE


Table 46: show nat64 timeouts Field Descriptions

DescriptionField

NAT64 timeout, in seconds.Seconds

Indicates whether the timeout is explicitly configuredthrough the CLI. The timeout values configuredthrough the CLI changes the default timeout values.

CLI Cfg


show ip masks through vrf DHCP poolshow nat64 timeouts




show ip masks through vrf DHCP poolshow nat64 timeouts

show nat64 translationsTo display information about Network Address Translation 64 (NAT64) translations, use the show nat64translations port command in user EXEC or privileged EXEC mode.

show nat64 translations {port number| protocol {icmp | tcp | udp}| v4 {original ipv4-address | translatedipv6-address}| v6 {original ipv6-address | translated ipv4-address}} [total| verbose]

Syntax Description Displays information about NAT64 translationsfiltered by port numbers.

port

Port number. Valid values are from 1 to 65535.number

Displays information about NAT64 translations,filtered by the protocols configured.

protocol

Displays Internet Control Message Protocol(ICMP) entries.

icmp

Displays TCP entries.tcp

Displays UDP entries.udp

Displays information about NAT64 translationsbased on an IPv4 address.

v4

Displays translations for the original address.original

IPv4 address.ipv4-address

Displays information about translations for thetranslated IPv4 or IPv6 address.

translated

IPv6 network number to include in routeradvertisements. This argument must be in theform documented in RFC 2373where the addressis specified in hexadecimal using 16-bit valuesbetween colons.

ipv6-address

Displays information about NAT64 translationsbased on an IPv6 address.

v6

(Optional) Displays the total NAT64 translationcount.

total

(Optional) Displays detailed NAT64 translationinformation.

verbose


show ip masks through vrf DHCP poolshow nat64 translations


Privileged EXEC (#)




Examples The following is sample output from the show nat64 translations port command:

Device# show nat64 translations port 23

Proto Original IPv4 Translated IPv4Translated IPv6 Original IPv6

----------------------------------------------------------------------------

tcp 192.0.2.1:23 [3001::c000:201]:2356.1.1.1:20822 [2001:db8::1]:20822

Total number of translations: 1

The following is sample output from the show nat64 translations v4 original command:

Device# show nat64 translations v4 original 192.0.2.1


----------------------------------------------------------------------------

tcp 192.0.2.1:23 [3001::c000:201]:2356.1.1.1:20822 [2001:db8::1]:20822

icmp 192.0.2.1:2816 [3001::c000:201]:281656.1.1.1:2816 [2001:db8::1]:2816



Table 47: show nat64 translations Field Descriptions

DescriptionField

Protocol type.Proto

IPv4 address that was translated as an IPv6 address.This field displays the IPv4 addresses thatwere translated into IPv6 addresses and theIPv4 addresses that were translated fromIPv6 addresses.

NoteOriginal IPv4 Translated IPv6



DescriptionField


NoteTranslated IPv4 Original IPv6


Displays information about NAT64 translationsfiltered by entry type.

show nat64 translations entry-type

Displays information about NAT64 translationsfiltered by time.

show nat64 translations time

Displays information about the total NAT64translation count.

show nat64 translations total

Displays detailed NAT64 translationinformation.

show nat64 translations verbose



show nat64 translations entry-typeTo display information about Network Address Translation 64 (NAT64) translations filtered by entry type,use the show nat64 translations entry-type command in user EXEC or privileged EXEC mode.

show nat64 translations entry-type {bind {all| dynamic| static}| session} [total| verbose]

Syntax Description Displays information about NAT64 translationmapping entries.

bind

Displays information about all NAT64 translationmapping entries.

all

Displays information about dynamicmapping entries.dynamic

Displays information about static mapping entries.static

Displays information about NAT64 translation sessionentries.

session

(Optional) Displays information about the totalNAT64 translation entry count.

total


verbose


Privileged EXEC (#)



Examples The following is sample output from the show nat64 translations entry-type session command:

Router# show nat64 translations entry-type session


----------------------------------------------------------------------------

--- --- ---56.1.1.1 2001:db8::1


show ip masks through vrf DHCP poolshow nat64 translations entry-type



Table 48: show nat64 translations entry-type session Field Descriptions

DescriptionField

Protocol type.Proto






Displays information about NAT64 translations.show nat64 translations





Displays detailed NAT64 translation information.show nat64 translations verbose


show ip masks through vrf DHCP poolshow nat64 translations entry-type

show nat64 translations redundancyTo display the Network Address Translation 64 (NAT64) translations filtered by redundancy groups (RGs),use the show nat64 translations redundancy command in user EXEC or privileged EXEC mode.

show nat64 translations redundancy group-id [total | verbose]

Syntax Description Redundancy group ID. Valid values are from 1 and2.

group-id

(Optional) Displays information about the totalNAT64 redundancy translations.

total

(Optional) Displays detailed NAT64 redundancytranslation information.

verbose


Privileged EXEC (#)



Usage Guidelines Use the output of the verify the redundancy groups that you have configured.

Examples The following is sample output from the show nat64 translations redundancy command:Device# show nat64 translations redundancy 1


----------------------------------------------------------------------------

209.165.201.2:21 [2001:DB8:1::103]:32847

tcp 10.2.1.11:32863 [2001::3201:10b]:3286310.1.1.1:80 [2001::11]:80

tcp 209.165.201.2:21 [2001:DB8:1::104]:3284810.1.1.1:80 [2001::11]:80

Total number of translations: 3The table below describes the significant fields shown in the display.


show ip masks through vrf DHCP poolshow nat64 translations redundancy

Table 49: show nat64 translations redundancy Field Descriptions

DescriptionField

Protocol type.Proto

IPv4 address that was translated as an IPv6 address.This field displays IPv4 addresses that were translated intoIPv6 addresses and IPv4 addresses that were translated fromIPv6 addresses.


IPv6 address that was translated as an IPv4 address.This field displays IPv6 addresses that were translated intoIPv4 addresses and IPv6 addresses that were translated fromIPv4 addresses.





show ip masks through vrf DHCP poolshow nat64 translations redundancy

show nat64 translations timeTo display information about Network Address Translation 64 (NAT64) translations filtered by time, use theshow nat64 translations time command in user EXEC or privileged EXEC mode.

show nat64 translations time {created | last-used} {newer-than | older-than} day month year hh:mm:ss[total| verbose]

Syntax Description Displays translation entries that were created at thespecified time.

created

Displays the translation entries that were last used atthe specified time.

last-used

Displays translation entries that are newer than thetime stamp.

newer-than

Displays translation entries that are older than thetime stamp.

older-than

Day of the month. Valid values are from 1 to 31.day

Month of the year. Valid values are from January toDecember.

month

Year. Valid values are from 1993 to 2035.year

Time in hh:mm:ss format.hh:mm:ss

(Optional) Displays the total NAT64 translation count.total


verbose


Privileged EXEC (#)




show ip masks through vrf DHCP poolshow nat64 translations time

Examples The following is sample output from the show nat64 translations time created newer-than command:

Router# show nat64 translations time created newer-than 20 June 2011 20:00:00


----------------------------------------------------------------------------

56.1.1.1 2001:db8::1tcp 192.0.2.1:23 [3001::c000:201]:23

56.1.1.1:20822 [2001:db8::1]:20822icmp 192.0.2.1:2816 [3001::c000:201]:2816

56.1.1.1:2816 [2001:db8::1]:2816



Table 50: show nat64 translations time created newer-than Field Descriptions

DescriptionField

Protocol type.Proto











Displays the detailed NAT64 translation information.show nat64 translations verbose


show ip masks through vrf DHCP poolshow nat64 translations time

show nat64 translations totalTo display the total Network Address Translation 64 (NAT64) translation count, use the show nat64translations total command in user EXEC or privileged EXEC mode.

show nat64 translations total [entry-type {bind {all| dynamic| static}| session}| port number| protocol{icmp| tcp| udp}| time {created| last-used} {newer-than| older-than} day month year hh:mm:ss| v4{original ipv4-address| translated ipv6-address}| v6 {original ipv6-address| translated ipv4-address}]

Syntax Description (Optional) Displays information about NAT64translations filtered by entry type.

entry-type

(Optional) Displays information about NAT64translation mapping entries.

bind

(Optional) Displays information about all NAT64translation mapping entries.

all

(Optional) Displays information about dynamicmapping entries.

dynamic

(Optional) Displays information about static mappingentries.

static

(Optional) Displays information about NAT64translation session entries.

session

(Optional) Displays information about NAT64translations filtered by port number. Valid values arefrom 1 to 65535.

port number

(Optional) Displays information about NAT64translations filtered by protocol.

protocol

(Optional) Displays information about InternetControl Message Protocol (ICMP) entries.

icmp

(Optional) Displays information about TCP entries.tcp

(Optional) Displays information about UDP entries.udp

(Optional) Displays information about NAT64translations filtered by time.

time

(Optional) Displays translation entries created at thespecified time.

created


show ip masks through vrf DHCP poolshow nat64 translations total

(Optional) Displays the translation entries that werelast used at the specified time.

last-used

(Optional) Displays translation entries that are newerthan the time stamp.

newer-than

(Optional) Displays translation entries that are olderthan the time stamp.

older-than

(Optional) Day of the month. Valid values are from1 to 31.

day

(Optional) Month of the year. Valid values are fromJanuary to December.

month

(Optional) Year. Valid values are from 1993 to 2035.year

(Optional) Time in hh:mm:ss format.hh:mm:ss

(Optional) Displays information about NAT64translations based on an IPv4 address.

v4

(Optional) Displays information about translationsfor the original IPv4 or IPv6 address.

original

(Optional) IPv4 address.ipv4-address

(Optional) Displays information about translationsfor the translated IPv4 or IPv6 address.

translated


ipv6-address


v6


Privileged EXEC (#)





Examples The following is sample output from the show nat64 translations total command:

Router# show nat64 translations total


The output fields are self-explanatory.










show nat64 translations v4To display Network Address Translation 64 (NAT64) translations based on an IPv4 address, use the shownat64 translations v4 command in user EXEC or privileged EXEC mode.

show nat64 translation v4 {original ipv4-address| translated ipv6-address}total| verbose

Syntax Description Displays translations for the original IPv4 address.original

IPv4-address.ipv4-address

Displays translations for the translated address.translated

IPv6 network number to include in routeradvertisements. This argument must be in the formdocumented in RFC 2373 where the address isspecified in hexadecimal using 16-bit values betweencolons.

ipv6-address

(Optional) Displays the total NAT64 translation count.total


verbose



Privileged EXEC (#)



Examples The following is sample output from theshow nat64 translation v4 original command:

Router# show nat64 translation v4 original 112.1.1.10


----------------------------------------------------------------------------

tcp 112.1.1.10:23 [3001::7001:10a]:2356.1.1.2:12656 [2001::2]:12656


show ip masks through vrf DHCP poolshow nat64 translations v4


The following is sample output from the show nat64 translations v4 translatedcommand:Router# show nat64 translations v4 translated 3001::7001:10a


----------------------------------------------------------------------------

icmp 112.1.1.10:677 [3001::7001:10a]:67756.1.1.2:677 [2001::1b01:10a]:677


Table 51: show nat64 translations v4 Field Descriptions

DescriptionField

Protocol type.Proto

IPv4 address that was translated as an IPv6 address.Original IPv4 Translated IPv6

IPv6 address that was translated as an IPv4 address.Translated IPv4 Original IPv6


Displays NAT64 translations filtered by entrytype.


Displays NAT64 translations filtered by portnumbers.

show nat64 translations port

Displays NAT64 translations filtered byprotocols.

show nat64 translations protocol

Displays NAT64 translations filtered by time.show nat64 translations time

Displays the total NAT64 translation count.show nat64 translations total

Displays NAT64 translations based on an IPv6address.

show nat64 translations v6

Displays detailed NAT64 translationinformation.

show nat64 translations verbose



show nat64 translations v6To display Network Address Translation 64 (NAT64) translations based on an IPv6 address, use the shownat64 translations v4 command in user EXEC or privileged EXEC mode.

show nat64 translations v6{original ipv6-address| translated ipv4-address}[total| verbose]

Syntax Description Displays translations for the original IPv6 address.original

IPv6 network number to include in routeradvertisements. This argument must be in the formdocumented in RFC 2373 where the address isspecified in hexadecimal using 16-bit values betweencolons.

ipv6-address

Displays translations for the translated address.translated

IPv4-address.ipv4-address

Displays the total NAT64 translation count.total

Displays detailed NAT64 translation information.verbose



Privileged EXEC (#)



Examples The following is sample output from the show nat64 translation v6 original command:

Router# show nat64 translations v6 original 2001::2


----------------------------------------------------------------------------

--- --- ---56.1.1.1 2001::2

tcp 112.1.1.10:23 [3001::7001:10a]:23



56.1.1.1:38924 [2001::2]:38924


The following is sample output from the show nat64 translations v6 translated command:Router# show nat64 translations v6 translated 56.1.1.2


----------------------------------------------------------------------------

--- --- ---56.1.1.2 2001::1b01:10a

icmp 112.1.1.10:2370 [3001::7001:10a]:237056.1.1.2:2370 [2001::1b01:10a]:2370


Table 52: show nat64 translations v6 Field Descriptions

DescriptionField

Protocol type.Proto

IPv4 address that was translated as an IPv6 address.Original IPv4 Translated IPv6

IPv6 address that was translated as an IPv4 address.Translated IPv4 Original IPv6



Displays NAT64 translations filtered by entry type.show nat64 translations entry-type

Displays NAT64 translations filtered by port numbers.show nat64 translations port

Displays NAT64 translations filtered by protocols.show nat64 translations protocol


Displays the total NAT64 translation count.show nat64 translation total

Displays NAT64 translations based on an IPv4address.

show nat64 translations v4




show nat64 translations verboseTo display the detailed Network Address Translation 64 (NAT64) translation information, use the show nat64translations verbose command in user EXEC or privileged EXEC mode.

show nat64 translations verbose [entry-type {bind {all| dynamic| static}| session}| port number| protocol{icmp| tcp| udp}| time {created| last-used} {newer-than| older-than} day month year hh:mm:ss| v4{original ipv4-address| translated ipv6-address}| v6 {original ipv6-address| translated ipv4-address}]

Syntax Description (Optional) Displays information about NAT64translations filtered by entry type.

entry-type

(Optional) Displays information about NAT64translation mapping entries.

bind

(Optional) Displays information about all NAT64translation mapping entries.

all

(Optional) Displays information about dynamicmapping entries.

dynamic

(Optional) Displays information about static mappingentries.

static

(Optional) Displays information about NAT64translation session entries.

session

(Optional) Displays information about NAT64translations filtered by port number. Valid values arefrom 1 to 65535.

port number

(Optional) Displays information about NAT64translations filtered by protocol.

protocol

(Optional) Displays information about InternetControl Message Protocol (ICMP) entries.

icmp

(Optional) Displays information about TCP entries.tcp

(Optional) Displays information about UDP entries.udp

(Optional) Displays information about NAT64translations filtered by time.

time

(Optional) Displays translation entries created at thespecified time.

created


show ip masks through vrf DHCP poolshow nat64 translations verbose

(Optional) Displays the translation entries that werelast used at the specified time.

last-used

(Optional) Displays translation entries that are newerthan the time stamp.

newer-than

(Optional) Displays translation entries that are olderthan the time stamp.

older-than

(Optional) Day of the month. Valid values are from1 to 31.

day

(Optional) Month of the year. Valid values are fromJanuary to December.

month

(Optional) Year. Valid values are from 1993 to 2035.year

(Optional) Time in hh:mm:ss format.hh:mm:ss


v4

(Optional) Displays information about translationsfor the original IPv4 or IPv6 address.

original

(Optional) IPv4 address.ipv4-address

(Optional) Displays information about translationsfor the translated IPv4 or IPv6 address.

translated


ipv6-address


v6


Privileged EXEC (#)





Examples The following is sample output from the show nat64 translations verbose command:

Router# show nat64 translations verbose


----------------------------------------------------------------------------

56.1.1.1 2001:db8::1created: 01 Jul 2011 15:27:06, last-used: ---,inactivity-time: ---

flags: noneentry-id: 0000000000, use-count: 3

tcp 192.0.2.1:23 [3001::c000:201]:2356.1.1.1:42485 [2001:db8::1]:42485created: 01 Jul 2011 15:32:01, last-used: 01 Jul 2011 15:32:04,inactivity-time: 00:03:53

flags: timing-out, syn-inentry-id: 0x8ca82cd0, use-count: 1

icmp 192.0.2.1:8552 [3001::c000:201]:855256.1.1.1:8552 [2001:db8::1]:8552created: 01 Jul 2011 15:31:23, last-used: 01 Jul 2011 15:31:23,inactivity-time: 00:00:11

flags: noneentry-id: 0x8ca82c30, use-count: 1

icmp 192.0.2.1:983 [3001::c000:201]:98356.1.1.1:983 [2001:db8::1]:983created: 01 Jul 2011 15:32:06, last-used: 01 Jul 2011 15:32:06,inactivity-time: 00:00:54

flags: noneentry-id: 0x8ca82d70, use-count: 1



Table 53: show nat64 translations verbose Field Descriptions

DescriptionField

Protocol type.Proto





The date and time when the entry was created.created

The date and time when the entry was last used.last-used





Displays NAT64 translations filtered by entry type.show nat64 translations entry-type


Displays the total NAT64 translation count.show nat64 translations total



show nhrp debug-conditionTo display the Next Hop Resolution Protocol (NHRP) conditional debugging information, use the show nhrpdebug-conditioncommand in privileged EXEC mode.

show nhrp debug-condition





Examples The following is sample output from the show nhrp debug-condition command:

Router# show nhrp debug-conditionPeer NBMA addresses under debug are:1.1.1.1,Interfaces under debug are:Tunnel1, Peer Tunnel addresses under debug are:2.2.2.2,The output if self-explanatory. It displays the conditional debugging information for NHRP.


Enables the NHRP conditional debugging.debug nhrp condition


show ip masks through vrf DHCP poolshow nhrp debug-condition

show nhrp group-mapTo display the details of NHRP group mappings, use the show nhrp group-map command in user EXEC orprivileged EXEC mode.

show nhrp group-map [group-name]

Syntax Description (Optional) Name of an NHRP group mapping forwhich information will be displayed.

group-name

Command Default Information is displayed for all NHRP group mappings.


Privileged EXEC (#)



This commandwas integrated into Cisco IOSXERelease 3.11S.Cisco IOS XE Release 3.11S

Usage Guidelines This command displays the details on NHRP group mappings on the hub along with the list of tunnels usingeach of the NHRP groups defined in the mappings. In combination with the show ip nhrp command, thiscommand lets you easily determine which QoS policy map is applied to a specific tunnel endpoint.

This command displays the details of the specified NHRP group mapping. The details include the associatedQoS policy name and the list of tunnel endpoints using the QoS policy. If no option is specified, it displaysthe details of all NHRP group mappings.

This command will replace the show ip nhrp group-map command in a future release.Note

Examples The following is sample output from the show nhrp group-map command:

Device# show nhrp group-map

Interface: Tunnel0NHRP group: spoke_group1QoS policy: group1_parentTransport endpoints using the qos policy: None

NHRP group: spoke_group2


show ip masks through vrf DHCP poolshow nhrp group-map

QoS policy: group2_parentTransport endpoints using the qos policy: None

NHRP group: spoke_group3QoS policy: group3_parentTransport endpoints using the qos policy: None

The following is sample output from the show nhrp group-map command for an NHRP group namedtest-group-0:

Device# show nhrp group-map test-group-0

Interface: Tunnel0NHRP group: tes-group-0QoS policy: group3_parentTransport endpoints using the qos policy:6001::1000:1


Table 54: show nhrp group-map Field Descriptions

DescriptionField

Interface on which the policy is configured.Interface

NHRP group associated with the QoS policy on theinterface.

NHRP group

QoS policy configured on the interface.QoS policy

List of transport endpoints using the QoS policy.Transport endpoints using the qos policy



ip nhrp map

Configures an NHRP group on a spoke.nhrp group


nhrp map group






show ip masks through vrf DHCP poolshow nhrp group-map

show platform hardware qfp featureTo display feature-specific information in the Cisco Quantum Flow Processor (QFP), use the show platformhardware qfp featurecommand in privileged EXEC mode.

show platform hardware qfp {active| standby} feature alg {memory| statistics [protocol| clear [clear]]}

Syntax Description Displays the active instance of the processor.active

Displays the standby instance of the processor.standby

Displays the Application Level Gateway (ALG)information of the processor.

alg

Displays ALG memory usage information of theprocessor.

memory

Displays ALG common statistics information of theprocessor.

statistics


show ip masks through vrf DHCP poolshow platform hardware qfp feature

Protocol name. It can be one of the following values:

• dns --Displays Domain Name System (DNS)ALG information in the QFP datapath.

• exec --Displays exec ALG information in theQFP datapath.

• ftp --Displays FTPALG information in the QFPdatapath.

• h323 --Displays H.323 ALG information in theQFP datapath.

• http --Displays HTTP ALG information in theQFP datapath.

• imap --Displays Internet Message AccessProtocol (IMAP) ALG information in the QFPdatapath.

• ldap --Displays Lightweight Directory AccessProtocol (LDAP) ALG information in the QFPdatapath.

• login --Displays login ALG information in theQFP datapath.

• netbios --Displays Network Basic Input OutputSystem (NetBIOS)ALG information in theQFPdatapath.

• pop3 --Displays pop3 ALG information in theQFP datapath.

• rtsp --Displays Rapid Spanning Tree Protocol(RSTP) ALG information in the QFP datapath.

• shell --Displays shell ALG information in theQFP datapath.

• sip --Displays Session Initiation Protocol (SIP)ALG information in the QFP datapath.

• skinny --Displays skinny ALG information inthe QFP datapath.

• smtp --Displays SimpleMail Transfer Protocol(SMTP) ALG information in the QFP datapath.

• sunrpc --Displays Sun RPC ALG informationin the QFP datapath.

• tftp --Displays TFTP ALG information in theQFP datapath.

protocol

(Optional) Clears ALG common counters afterdisplay.

clear



(Optional) Clears the ALG counters.clear



This command was introduced.Cisco IOS XE Release 2.2

This command was modified. Support for the NetBIOS protocolwas added.


This command was modified. The show output was modified todisplay SIP statistics information.


Usage Guidelines The show platform hardware qfp feature command when used withthe netbios keyworddisplays theNetBIOS ALG memory usage and statistics information of the processor.

Examples The following example displays the NetBIOS ALG statistics information of the processor:

Router# show platform hardware qfp active feature alg statistics netbiosNetBIOS ALG Statistics:No. of allocated chunk elements in L7 data pool:0No. of times L7 data is allocated:0 No. of times L7 data is freed:0Datagram Service statisticsTotal packets :0Direct unique packets :0Direct group packets :0Broadcast packets :0DGM Error packets :0Query request packets :0Positive Qry response packets :0Netgative Qry response packets:0Unknown packets :0Total error packets :0

Name Service statisticsTotal packets :0Query request packets :0Query response packets :0Registration req packets :0Registration resp packets:0Release request packets :0Release response packets :0WACK packets :0Refresh packets :0Unknown packets :0Total error packets :0

Session Service statisticsTotal packets :0Message packets :0Request packets :0Positive response packets:0Negative response packets:0Retarget response packets:0Keepalive packets :0



Unknown packets :0Total error packets :0


Table 55: show platform hardware qfp feature Field Descriptions

DescriptionField

Number of memory chunks allocated for processingNetBIOS packets.

No. of allocated chunk elements in L7 data pool

Number of times memory is allocated and freed forprocessing NetBIOS packets.

No. of times L7 data is allocated:0 No. of times L7data is freed

Number of direct unique NetBIOS packets processed.Direct unique packets

Number of direct group NetBIOS packets processed.Direct group packets

Number of broadcast NetBIOS packets processed.Broadcast packets

Number of Datagram Error NetBIOS packetsprocessed.

DGM Error packets

Number of query request NetBIOS packets processed.Query request packets

Number of positive query response NetBIOS packetsprocessed.

Positive Qry response packets

Number of negative query response NetBIOS packetsprocessed.

Negative Qry response packets

Number of unknown packets.Unknown packets

Counter tracking number of error packets.Total error packets

The following example displays SIP statistics information of the processor. The field descriptions areself-explanatory.

Router# show platform hardware qfp active feature alg statistics sipSIP info pool used chunk entries number: 0RECEIVERegister: 0 -> 200-OK: 0Invite: 0 -> 200-OK: 0 Re-invite 0Update: 0 -> 200-OK: 0Bye: 0 -> 200-OK: 0Trying: 0 Ringing: 0 Ack: 0Info: 0 Cancel: 0 Sess Prog: 0Message: 0 Notify: 0 Prack: 0OtherReq: 0 OtherOk: 0EventsNull dport: 0 Media Port Zero: 0Malform Media: 0 No Content Length: 0Cr Trunk Chnls: 0 Del Trunk Chnls: 0Cr Normal Chnls: 0 Del Normal Chnls: 0



Media Addr Zero: 0 Need More Data: 0ErrorsCreate Token Err: 0 Add portlist Err: 0Invalid Offset: 0 Invalid Pktlen: 0Free Magic: 0 Double Free: 0Retmem Failed: 0 Malloc Failed: 0Bad Format: 0 Invalid Proto: 0Add ALG state Fail: 0 No Call-id: 0Parse SIP Hdr Fail: 0 Parse SDP Fail: 0Error New Chnl: 0 Huge Size: 0Create Failed: 0Writeback ErrorsOffset Err: 0 PA Err: 0No Info: 0


Debugs feature-specific information in the QFP.debug platform hardware qfp feature



show platform hardware qfp feature alg statistics sipTo display Session Initiation Protocol (SIP) application layer gateway (ALG)-specific statistics informationin the Cisco Quantum Flow Processor (QFP), use the show platform hardware qfp feature alg statisticssip command in privileged EXEC mode.

show platform hardware qfp feature alg statistics sip [clear | dbl [all | clear | entry entry-string [clear]]| dblcfg | l7data {callid call-id | clear} | processor | timer]

Syntax Description (Optional) Clears ALG counters after display.clear

(Optional) Displays brief information about all SIP blacklist data.dbl

(Optional) Displays all dynamic blacklist entries: blacklisted and nonblacklisted entries.

all

(Optional) Clears the specified blacklist entry.entry entry-string

(Optional) Displays all SIP blacklist settings.dblcfg

(Optional) Displays brief information about all SIP Layer 7 data.l7data

(Optional) Displays information about the specified SIP call ID.callid call-id

(Optional) Displays SIP processor settings.processor

(Optional) Displays SIP timer settings.timer




Usage Guidelines This command displays the following error details:

• Session write lock exceeded

• Global write lock exceeded

• Blacklisted

This command also displays the following event details:


show ip masks through vrf DHCP poolshow platform hardware qfp feature alg statistics sip

• Blacklist triggered

• Blacklist timeout

A blacklist is a list of entities that are denied a particular privilege, service, or access.

Examples The following is sample output from the show platform hardware qfp active feature alg statistics sipcommand:Device# show platform hardware qfp active feature alg statistics sip

Events...Cr dbl entry: 10 Del dbl entry: 10Cr dbl cfg entry: 8 Del dbl cfg entry: 4start dbl trig tmr: 10 restart dbl trig tmr: 1014stop dbl trig tmr: 10 dbl trig timeout: 1014start dbl blk tmr: 0 restart dbl blk tmr: 0stop dbl blk tmr: 0 dbl blk tmr timeout: 0start dbl idle tmr: 10 restart dbl idle tmr: 361stop dbl idle tmr: 1 dbl idle tmr timeout: 9

DoS ErrorsDbl Retmem Failed: 0 Dbl Malloc Failed: 0DblCfg Retm Failed: 0 DblCfg Malloc Failed: 0Session wlock ovflw: 0 Global wlock ovflw: 0Blacklisted: 561


Table 56: show platform hardware qfp active feature alg statistics sip Field Descriptions

DescriptionField

Number of dynamic blacklist entries.CR dbl entry

Number of events that have started the dynamic blacklist timer.start dbl blk tmr

Number of events that have stopped the dynamic blacklist idletimer.

stop dbl idle tmr

Number of dynamic blacklist entries deleted.Del dbl entry

Number of dynamic blacklist trigger timers restarted.restart dbl trig tmr

Number of dynamic blacklist trigger timers timed out.dbl trig timeout

Number of dynamic blacklist timers to be restarted.restart dbl blk tmr

Number of dynamic blacklist idle timers timed out.dbl idle tmr timeout

Denial of service (DoS) related errors.DoS Errors

Number of dynamic blacklist return memory failures.Dbl Retmem Failed



DescriptionField

Number of dynamic blacklist configuration return memoryfailures.

DblCfg Retm Failed

Number of packets that are dropped because the session-levelwrite lock number is exceeded.

Session wlock ovflw

Number of packets dropped by dynamic blacklisting.Blacklisted

Number of dynamic blacklist memory allocation failures.Dbl Malloc Failed

Number of dynamic blacklist configurationmemory allocationfailures.

DblCfg Malloc Failed

Number of packets dropped because the global-level write-locknumber is exceeded.

Global wlock ovflw

The following is sample output from the show platform hardware qfp active feature alg statistics sip dblentry command:Device# show platform hardware qfp active feature alg statistics sip dbl entry a4a051e0a4a1ebd

req_src_addr: 10.74.30.189 req_dst_addr: 10.74.5.30trigger_period: 1000(ms) block_timeout: 30(sec)idle_timeout: 60(sec) dbl_flags: 0x 1cfg_trig_cnt: 5 cur_trig_cnt: 0


Table 57: show platform hardware qfp active feature alg statistics sip Field Descriptions

DescriptionField

Source IP address of a SIP request message.req_src_addr

Dynamic blacklist trigger period.trigger_period

Dynamic blacklist idle timeout entry.idle_timeout

Configured trigger counter.cfg_trig_cnt

Destination IP address of a SIP request message.req_dst_addr

Dynamic blacklist block timeout.block_timeout

Dynamic blacklist entry flags.dbl_flags

Current trigger counter.cur_trig_cnt



Related Commands Configures a dynamic SIP ALG blacklist fordestinations.

alg sip blacklist

Configures the maximum number of backlogmessages that wait for shared resources.

alg sip processor

Configures a timer that SIP ALG uses to manage SIPcalls.

alg sip timer



show platform software trace messageTo display trace messages for a module, enter the show platform software trace message command inprivileged EXEC mode or diagnostic mode.

show platform software trace message process hardware-module slot

Syntax Description The process in which the tracing level is being set.The following keywords are available:

• chassis-manager --The Chassis Managerprocess.

• cpp-control-process --The Cisco packetprocessor (CPP) Control process.

• cpp-driver --The CPP driver process.

• cpp-ha-server --TheCPP high availability (HA)server process.

• cpp-service-process --The CPP service process.

• forwarding-manager --The ForwardingManager process.

• host-manager --The Host Manager process.

• interface-manager --The Interface Managerprocess.

• ios --The Cisco IOS process.

• logger --The logging manager process.

• pluggable-services --The pluggable servicesprocess.

• shell-manager --The Shell Manager process.

process

Tthe hardware module where the process whose tracelevel is being set is running. The following keywordsare available:

• carrier-card --The process is on an SPAInterface Processor (SIP).

• forwarding-processor --The process is on anembedded services processor (ESP).

• route-processor --The process is on an routeprocessor (RP).

hardware-module


show ip masks through vrf DHCP poolshow platform software trace message

The slot of the hardware module. Options are asfollows:

• number --The number of the SIP slot of thehardware module where the trace level is beingset. For instance, if you want to specify the SIPin SIP slot 2 of the router, enter 2.

• SIP-slot / SPA-bay --The number of the SIProuter slot and the number of the shared portadapter (SPA) bay of that SIP. For instance, ifyou want to specify the SPA in bay 2 of the SIPin router slot 3, enter 3/2.

• cpp active --The CPP in the active ESP.

• cpp standby --The CPP in the standby ESP.

• f0 --The ESP in ESP slot 0.

• f1 --The ESP in ESP slot 1

• fp active --The active ESP.

• fp standby --The standby ESP.

slot

• r0 --The RP in RP slot 0.

• r1 --The RP in RP slot 1.

• rp active --The active RP.

• rp standby --The standby RP.

• qfp active --The active Quantum FlowProcessor (QFP)

Command Modes Privileged EXEC (#) Diagnostic (diag)


This command was introduced.Cisco IOS XE Release 2.1

This command was modified. The command output displaysthe truncated traceback message also.

12.2(33)XND

The qfp active keywords were added.Cisco IOS XE Release XE 3.1S



Usage Guidelines The show platform software trace message command is used to display trace messages from an in-memorymessage ring of a module’s process that keeps a condensed historical record of all messages. Although allmessages are saved in a trace log file unmodified, only the first 128 bytes of a message are saved in the messagering. The size limitation does not apply to the traceback portion of a message.

Examples The following example shows how to display the trace messages for the Host Manager process in RP slot 0using the show platform software trace message command:

Router# show platform software trace message host-manager R008/23 12:09:14.408 [uipeer]: (info): Looking for a ui_req msg08/23 12:09:14.408 [uipeer]: (info): Start of request handling for con 0x100a61c808/23 12:09:14.399 [uipeer]: (info): Accepted connection for 14 as 0x100a61c808/23 12:09:14.399 [uipeer]: (info): Received new connection 0x100a61c8 on descriptor 1408/23 12:09:14.398 [uipeer]: (info): Accepting command connection on listen fd 708/23 11:53:57.440 [uipeer]: (info): Going to send a status update to the shell manager inslot 008/23 11:53:47.417 [uipeer]: (info): Going to send a status update to the shell manager inslot 0The following example shows a truncated message that has a traceback. The truncated portion of the messageis indicated by an ellipsis (...):

03/02 15:47:44.002 [errmsg]: (ERR): %EVENTLIB-3-TIMEHOG: read asyncon 0x100a9260: 60618ms,Traceback=1#862f8780825f93a618ecd9 ...Traceback=1#862f8780825f93a618ecd9dd48b3be96evlib:FCAF000+CC00 evlib:FCAF000+A6A8 evutil:FFCA000+ADD0 evutil:FFCA000+5A80evutil:FFCA000+A68C uipeer:FF49000+10AFC evlib:FCAF000+D28C evlib:FCAF000+F4C4 :10000000+1B24Cc:EF44000+1D078 c:EF44000+1D220


Sets the trace level for a specific module.set platform software trace

Displays trace levels for a module.show platform software trace levels



show redundancy application control-interface groupTo display control interface information for a redundancy group, use the show redundancy applicationcontrol-interface group command in privileged EXEC mode.

show redundancy application control-interface group [ group-id ]

Syntax Description (Optional) Redundancy group ID. Valid values are 1and 2.

group-id




This command was integrated into Cisco IOS XE Release3.9S.


Usage Guidelines The show redundancy application control-interfacecommand shows information for the redundancy groupcontrol interfaces.

Examples The following is sample output from the show redundancy application control-interface command:

Router# show redundancy application control-interface group 2The control interface for rg[2] is GigabitEthernet0/1/0Interface is Control interface associated with the following protocols: 2 1BFD EnabledInterface Neighbors:

Examples The following is a sample output from the show redundancy application control-interface group commandon Cisco 4400 Series ISR:

Router# show redundancy application control-interface groupThe control interface for rg[1] is GigabitEthernet0/0/0Interface is Control interface associated with the following protocols: 2 1BFD EnabledInterface Neighbors:Peer: 1.1.1.2 Active RGs: 1 Standby RGs: 2 BFD handle: 0

The control interface for rg[2] is GigabitEthernet0/0/0Interface is Control interface associated with the following protocols: 2 1BFD EnabledInterface Neighbors:Peer: 1.1.1.2 Active RGs: 1 Standby RGs: 2 BFD handle: 0


show ip masks through vrf DHCP poolshow redundancy application control-interface group


Displays fault-specific information for a redundancygroup.

show redundancy application faults

Displays redundancy group information.show redundancy application group

Displays if-mgr information for a redundancy group.show redundancy application if-mgr

Displays protocol-specific information for aredundancy group.

show redundancy application protocol


show ip masks through vrf DHCP poolshow redundancy application control-interface group

show redundancy application data-interfaceTo display data interface-specific information, use the show redundancy application data-interfacecommandin privileged EXEC mode.

show redundancy application data-interface group [ group-id ]

Syntax Description Specifies the redundancy group.group

(Optional) Redundancy group ID. Valid values are 1and 2.

group-id






Usage Guidelines The show redundancy application data-interface command displays information about the redundancygroup data interfaces.

Examples The following is sample output from the show redundancy application data-interface command:

Router# show redundancy application data-interface group 1The data interface for rg[1] is GigabitEthernet0/1/1

Examples The following sample output shows configuration details for redundancy application group 1 and group 2from the show redundancy application data-interface command

Router# show redundancy application data-interface group 1The data interface for rg[1] is GigabitEthernet0/0/1

Router # show redundancy application data-interface group 2The data interface for rg[2] is GigabitEthernet0/0/1


show ip masks through vrf DHCP poolshow redundancy application data-interface


Displays control interface information for aredundancy group.

show redundancy application control-interface








show ip masks through vrf DHCP poolshow redundancy application data-interface

show redundancy application faults groupTo display fault-specific information for a redundancy group, use the show redundancy application faultsgroupcommand in privileged EXEC mode.

show redundancy application faults group [ group-id ]

Syntax Description (Optional) Redundancy group ID. Valid values are 1and 2.

group-id






Usage Guidelines The show redundancy application faultscommand shows information returned by redundancy group faults.

Examples The following is sample output from the show redundancy application faults command:

Router# show redundancy application faults group 2Faults states Group 2 info:

Runtime priority: [150]RG Faults RG State: Up.

Total # of switchovers due to faults: 2Total # of down/up state changes due to faults: 2

Examples The following is a sample output from the show redundancy application faults command

Router# show redundancy application faults groupFaults states Group 1 info:Runtime priority: [50]RG Faults RG State: Up.Total # of switchovers due to faults: 0Total # of down/up state changes due to faults: 2Faults states Group 2 info:Runtime priority: [135]RG Faults RG State: Up.Total # of switchovers due to faults: 0Total # of down/up state changes due to faults: 2


show ip masks through vrf DHCP poolshow redundancy application faults group

Table 58: show redundancy application group all Field Descriptions

DescriptionField

Redundancy group faults information for Group 1.Faults states Group 1 info

Current redundancy group priority of the group. Thisfield is important whenmonitoring redundancy groupswitchover and when configuring interface tracking.

Runtime priority

Redundancy group state returned by redundancygroup faults.

RG Faults RG State

Number of switchovers triggered by redundancygroup fault events.

Total # of switchovers due to faults

Number of down and up state changes triggered byredundancy group fault events.

Total # of down/up state changes due to faults









show ip masks through vrf DHCP poolshow redundancy application faults group

show redundancy application groupTo display the redundancy group information, use the show redundancy application group command inprivileged EXEC mode.

show redundancy application group [group-id | all]

Syntax Description (Optional) Redundancy group ID. Valid values are 1 and 2.group-id

(Optional) Display information about all redundancy groups.all




This command was integrated into Cisco IOS Release15.3(2)T.

15.3(2)T

This command was implemented on Cisco ISR 4400 SeriesIntegration Service Routers.


Usage Guidelines Use the show redundancy application group command to display the current state of each interbox redundancygroup on the device and the peer device.

Examples The following is sample out from the show redundancy application group command:

Device# show redundancy application group 1

Group ID:1Group Name: Generic-Redundancy-1

Administrative State: No ShutdownAggregate operational state : UpMy Role: STANDBYPeer Role: ACTIVEPeer Presence: YesPeer Comm: YesPeer Progression Started: Yes

RF Domain: btob-oneRF state: STANDBY HOTPeer RF state: ACTIVE

Device# show redundancy application group 2


show ip masks through vrf DHCP poolshow redundancy application group

Group ID:2Group Name: Generic-Redundancy2

Administrative State: No ShutdownAggregate operational state : UpMy Role: ACTIVEPeer Role: STANDBYPeer Presence: YesPeer Comm: YesPeer Progression Started: Yes

RF Domain: btob-twoRF state: ACTIVEPeer RF state: STANDBY HOT

Examples The following is sample output from the show redundancy application group all command:

Device# show redundancy application group all

Faults states Group 1 info:Runtime priority: [200]

RG Faults RG State: Up.Total # of switchovers due to faults: 3Total # of down/up state changes due to faults: 2

Group ID:1Group Name:grp2Administrative State: No ShutdownAggregate operational state : UpMy Role: ACTIVEPeer Role: UNKNOWNPeer Presence: NoPeer Comm: NoPeer Progression Started: NoRF Domain: btob-one

RF state: ACTIVEPeer RF state: DISABLED

RG Protocol RG 1------------------

Role: ActiveNegotiation: EnabledPriority: 200Protocol state: ActiveCtrl Intf(s) state: DownActive Peer: LocalStandby Peer: Not existLog counters:

role change to active: 2role change to standby: 0disable events: rg down state 1, rg shut 0ctrl intf events: up 0, down 2, admin_down 1reload events: local request 3, peer request 0

RG Media Context for RG 1--------------------------

Ctx State: ActiveProtocol ID: 1Media type: DefaultControl Interface: GigabitEthernet0/1/0Hello timer: 5000Effective Hello timer: 5000, Effective Hold timer: 15000LAPT values: 0, 0Stats:

Pkts 0, Bytes 0, HA Seq 0, Seq Number 0, Pkt Loss 0Authentication not configuredAuthentication Failure: 0Reload Peer: TX 0, RX 0Resign: TX 1, RX 0

Standby Peer: Not Present.Faults states Group 2 info:

Runtime priority: [150]



RG Faults RG State: Up.Total # of switchovers due to faults: 2Total # of down/up state changes due to faults: 2

Group ID:2Group Name:name1Administrative State: No ShutdownAggregate operational state : UpMy Role: ACTIVEPeer Role: UNKNOWNPeer Presence: NoPeer Comm: NoPeer Progression Started: NoRF Domain: btob-two

RF state: ACTIVEPeer RF state: DISABLED

RG Protocol RG 2------------------

Role: ActiveNegotiation: EnabledPriority: 150Protocol state: ActiveCtrl Intf(s) state: DownActive Peer: LocalStandby Peer: Not existLog counters:

role change to active: 1role change to standby: 0disable events: rg down state 1, rg shut 0ctrl intf events: up 0, down 2, admin_down 1reload events: local request 2, peer request 0

RG Media Context for RG 2--------------------------

Ctx State: ActiveProtocol ID: 2Media type: DefaultControl Interface: GigabitEthernet0/1/0Hello timer: 5000Effective Hello timer: 5000, Effective Hold timer: 15000LAPT values: 0, 0Stats:

Pkts 0, Bytes 0, HA Seq 0, Seq Number 0, Pkt Loss 0Authentication not configuredAuthentication Failure: 0Reload Peer: TX 0, RX 0Resign: TX 0, RX 0

Standby Peer: Not Present.The table below describes the significant fields shown in the display.

Table 59: show redundancy application group all Field Descriptions

DescriptionField

Redundancy group faults information for Group 1.Faults states Group 1 info

Current priority of the redundancy group.Runtime priority

Redundancy group state returned by redundancy groupfaults.

RG Faults RG State

Number of switchovers triggered by redundancy group faultevents.

Total # of switchovers due to faults

Number of down and up state changes triggered byredundancy group fault events.

Total # of down/up state changes due to faults



DescriptionField

Redundancy group ID.Group ID

Redundancy group name.Group Name

Redundancy group state configured by users.Administrative State

Current redundancy group state.Aggregate operational state

Current role of the device.My Role

Current role of the peer device.Peer Role

Indicates if the peer device is detected or not.Peer Presence

Indicates the communication state with the peer device.Peer Comm

Indicates if the peer device has started RedundancyFramework (RF) progression.

Peer Progression Started

Name of the RF domain for the redundancy group.RF Domain


Displays control interface information for a redundancygroup.

show redundancy applicationcontrol-interface

Displays fault-specific information for a redundancy group.show redundancy application faults


Displays protocol-specific information for a redundancygroup.




show redundancy application if-mgrTo display interface manager information for a redundancy group, use the show redundancy applicationif-mgr command in privileged EXEC mode.

show redundancy application if-mgr group [ group-id ]

Syntax Description Specifies the redundancy group.group

(Optional) Redundancy group ID. Valid values are 1to 2.

group-id






Usage Guidelines The show redundancy application if-mgr command shows information of traffic interfaces protected byredundancy groups. When a traffic interface is functioning with the redundancy group, the state is no shut onthe active device, and shut on the standby device. On the other hand, it is always shut on the standby device.

Examples The following sample output shows configuration details of redundancy group 1 and redudancy group 2from the show redundancy application if-mgr command

Router# show redundancy application if-mgr group 1RG ID: 1==========

interface GigabitEthernet0/0/3.152---------------------------------------VMAC 0007.b421.4e21VIP 55.1.1.255Shut shutDecrement 10

interface GigabitEthernet0/0/2.152---------------------------------------VMAC 0007.b421.5209VIP 45.1.1.255Shut shutDecrement 10


show ip masks through vrf DHCP poolshow redundancy application if-mgr

Router# show redundancy application if-mgr group 2RG ID: 2==========

interface GigabitEthernet0/0/3.166---------------------------------------VMAC 0007.b422.14d6VIP 4.1.255.254Shut no shutDecrement 10

interface GigabitEthernet0/0/2.166---------------------------------------VMAC 0007.b422.0d06VIP 3.1.255.254Shut no shutDecrement 10

Examples The following is sample output from the show redundancy application if-mgr command:

Router# show redundancy application if-mgr group 2RG ID: 2Interface VIP VMAC Shut Decrement==========================================================GigabitEthernet0/1/7 10.1.1.3 0007.b422.0016 no shut 50GigabitEthernet0/3/1 11.1.1.3 0007.b422.0017 no shut 50The table below describes the significant fields shown in the display.

Table 60: show redundancy application if-mgr Field Descriptions

DescriptionField

Redundancy group ID.RG ID

Interface name.Interface

Virtual IP address for this traffic interface.VIP

Virtual MAC address for this traffic interface.VMAC

The state of this interface.

It is always “shut” on the standbybox.

Note

Shut

The decrement value for this interface. When thisinterface goes down, the runtime priority of itsredundancy group decreases.

Decrement






DescriptionCommand




Displays protocol-specific information for aredundancy group




show redundancy application protocolTo display protocol-specific information for a redundancy group, use the show redundancy applicationprotocolcommand in privileged EXEC mode.

1

show redundancy application protocol {protocol-id| group [ group-id ] }

Syntax Description Protocol ID. The range is from 1 to 8.protocol-id

Specifies the redundancy group.group


group-id






Usage Guidelines The show redundancy application protocolcommand shows information returned by redundancy groupprotocol.

Examples The following is sample output from the show redundancy application protocol command:

Router# show redundancy application protocol 3

Protocol id: 3, name:BFD: ENABLEHello timer in msecs: 0Hold timer in msecs: 0The table below describes the significant fields shown in the display.

1


show ip masks through vrf DHCP poolshow redundancy application protocol

Table 61: show redundancy application protocol Field Descriptions

DescriptionField

Redundancy group protocol ID.Protocol id

Indicates whether the BFD protocol is enabled for theredundancy group protocol.

BFD

Redundancy group hello timer, in milliseconds, forthe redundancy group protocol. The default is 3000msecs.

Hello timer in msecs

Redundancy group hold timer, in milliseconds, forthe redundancy group protocol. The default is 10000msecs.

Hold timer in msecs

Examples The following is a sample output from the show redundancy application protocol command for the Cisco4400 Series ISR.

Router# show redundancy application protocolRG Protocol RG 1------------------Role: StandbyNegotiation: EnabledPriority: 50Protocol state: Standby-hotCtrl Intf(s) state: UpActive Peer: address 1.1.1.2, priority 150, intf Gi0/0/0Standby Peer: LocalLog counters:role change to active: 0role change to standby: 1disable events: rg down state 1, rg shut 0ctrl intf events: up 2, down 1, admin_down 1reload events: local request 0, peer request 0

RG Media Context for RG 1--------------------------Ctx State: StandbyProtocol ID: 1Media type: DefaultControl Interface: GigabitEthernet0/0/0

Current Hello timer: 3000Configured Hello timer: 3000, Hold timer: 10000Peer Hello timer: 3000, Peer Hold timer: 10000Stats:Pkts 117, Bytes 7254, HA Seq 0, Seq Number 117, Pkt Loss 0Authentication not configuredAuthentication Failure: 0Reload Peer: TX 0, RX 0Resign: TX 0, RX 0Active Peer: Present. Hold Timer: 10000Pkts 115, Bytes 3910, HA Seq 0, Seq Number 1453975, Pkt Loss 0

RG Protocol RG 2------------------Role: ActiveNegotiation: EnabledPriority: 135



Protocol state: ActiveCtrl Intf(s) state: UpActive Peer: LocalStandby Peer: address 1.1.1.2, priority 130, intf Gi0/0/0

Log counters:role change to active: 1role change to standby: 1disable events: rg down state 1, rg shut 0ctrl intf events: up 2, down 1, admin_down 1reload events: local request 0, peer request 0

RG Media Context for RG 2--------------------------Ctx State: ActiveProtocol ID: 2Media type: DefaultControl Interface: GigabitEthernet0/0/0Current Hello timer: 3000Configured Hello timer: 3000, Hold timer: 10000Peer Hello timer: 3000, Peer Hold timer: 10000Stats:Pkts 118, Bytes 7316, HA Seq 0, Seq Number 118, Pkt Loss 0Authentication not configuredAuthentication Failure: 0Reload Peer: TX 0, RX 0Resign: TX 0, RX 1Standby Peer: Present. Hold Timer: 10000

Pkts 102, Bytes 3468, HA Seq 0, Seq Number 1453977, Pkt Loss 0










show redundancy application transportTo display transport-specific information for a redundancy group, use the show redundancy applicationtransportcommand in privileged EXEC mode.

show redundancy application transport {client| group [ group-id ]}

Syntax Description Displays transport client-specific information.client

Displays the redundancy group name.group


group-id






Usage Guidelines The show redundancy application transport command shows information for redundancy group transport.

Examples The following is sample output from the show redundancy application transport group command:

Router# show redundancy application transport group 1Transport Information for RG (1)

Examples The following is a sample output from the show redundancy application transport client command

Router# show redundancy application transport clientClient Conn# Priority Interface L3 L4( 0)RF 0 1 CTRL IPV4 SCTP

( 1)MCP_HA 1 1 DATA IPV4 UDP_REL

( 4)AR 0 1 ASYM IPV4 UDP

( 5)CF 0 1 DATA IPV4 SCTP


show ip masks through vrf DHCP poolshow redundancy application transport

The following is a sample output from the show redundancy application transport group command

Router# show redundancy application transport groupTransport Information for RG (1)Client = RFTI conn_id my_ip my_port peer_ip peer_por intf L3 L40 0 1.1.1.1 59000 1.1.1.2 59000 CTRL IPV4 SCTPClient = MCP_HATI conn_id my_ip my_port peer_ip peer_por intf L3 L41 1 9.9.9.2 53000 9.9.9.1 53000 DATA IPV4 UDP_RELClient = ARTI conn_id my_ip my_port peer_ip peer_por intf L3 L42 0 0.0.0.0 0 0.0.0.0 0 NONE_IN NONE_L3 NONE_L4Client = CFTI conn_id my_ip my_port peer_ip peer_por intf L3 L43 0 9.9.9.2 59001 9.9.9.1 59001 DATA IPV4 SCTPTransport Information for RG (2)Client = RFTI conn_id my_ip my_port peer_ip peer_por intf L3 L48 0 1.1.1.1 59004 1.1.1.2 59004 CTRL IPV4 SCTPClient = MCP_HATI conn_id my_ip my_port peer_ip peer_por intf L3 L49 1 9.9.9.2 53002 9.9.9.1 53002 DATA IPV4 UDP_RELClient = ARTI conn_id my_ip my_port peer_ip peer_por intf L3 L410 0 0.0.0.0 0 0.0.0.0 0 NONE_IN NONE_L3 NONE_L4Client = CFTI conn_id my_ip my_port peer_ip peer_por intf L3 L411 0 9.9.9.2 59005 9.9.9.1 59005 DATA IPV4 SCTP











show ip masks through vrf DHCP poolshow redundancy application transport

show running-config mdns-sd policyTo display current running multicast Domain Name System (mDNS) service-policy configuration details forthe device or interface, use the show running-config mdns-sd policy command in privileged EXEC mode.

show running-config mdns-sd policy {global | interface type number}

Syntax Description Displays current running mDNS service-policyconfiguration details for the device.

global

Displays current running mDNS service-policyconfiguration details for the specified interface.






Usage Guidelines To view current runningmDNS service-policy configuration details for the device, use the show running-configmdns-sd policy global command form.

To view current running mDNS service-policy configuration details for a specific interface, use the showrunning-config mdns-sd policy interface type number command form

Examples The following is sample output for the show running-config mdns-sd policy command.

The current running configuration details for the device is displayed below. The output signifies that themDNS gateway functionality is enabled on the device, and the designated gateway status is enabled withouta Time to Live (TTL) value.

Device> enableDevice# show running-config mdns-sd policy global

service-routing mdns-sddesignated-gateway enableservice-type-enumeration period 16


show ip masks through vrf DHCP poolshow running-config mdns-sd policy

The current running configuration details for the interface is displayed below. The output given below signifiesthat the mDNS gateway functionality is enabled on the interface, and the designated gateway status is enabledwith a TTL value of 20 minutes.

Examples Current running configuration details for a device interfaceThe output given below signifies that the mDNS gateway functionality is enabled on the interface, and thedesignated gateway status is enabled with a TTL value of 20 minutes.

Device> enableDevice# show running-config mdns-sd policy interface ethernet 0/1

service-routing mdns-sddesignated-gateway enable ttl 20


Displays current running mDNS service-instanceconfiguration details.

show running-config mdns-sd service-instance

Displays current running mDNS service-listconfiguration details.

show running-config mdns-sd service-list


show ip masks through vrf DHCP poolshow running-config mdns-sd policy

show running-config mdns-sd service-instanceTo display current running multicast Domain Name System (mDNS) service-instance configuration details,use the show running-config mdns-sd service-instance command in privileged EXEC mode.

show running-config mdns-sd service-instance {all | name service-instance-name regtype service-typedomain name}

Syntax Description Displays all current running mDNS service-instanceconfiguration details.

all

Displays current running mDNS service-instanceconfiguration details for the specified service instance.

name service-instance-name

Specifies that the service instance is of the specifiedservice type.

regtype service-type

Specifies the domain with which the service-instanceis being associated.

domain name





Usage Guidelines To view current running mDNS service-instance configuration details for all services, use the showrunning-config mdns-sd service-instance all command form.

To view current running mDNS service-policy configuration details for a specific service-instance, use theshow running-config mdns-sd service-instance name service-instance-name command form. To viewspecific service-instance configuration details, you need to specify the service type and domain name too.

Examples The following is a sample output for the show running-config mdns-sd service-instance command.

The current running mDNS service-instance configuration information for all services is displayed below.The service instance names, the service type and the domain names are displayed in the output.

Device> enableDevice# show running-config mdns-sd service-instance all


show ip masks through vrf DHCP poolshow running-config mdns-sd service-instance

service-instance mdns-sd service serv2 regtype _tcp._123 domain tcpport 55service-instance mdns-sd service serv1 regtype _tcp._12 domain tcp

Examples Current running mDNS service-instance configuration information for a service instance.

Device> enableDevice# show running-config mdns-sd service-instance name serv1 regtype _tcp._12 domain tcp

service-instance mdns-sd service serv1 regtype _tcp._12 domain tcp


Displays current running mDNS service-policyconfiguration details for the device or interface.

show running-config mdns-sd policy

Displays current running mDNS service-listconfiguration details.

show running-config mdns-sd service-list


show ip masks through vrf DHCP poolshow running-config mdns-sd service-instance

show running-config mdns-sd service-listTo display current running multicast Domain Name System (mDNS) service-list configuration details, usethe show running-config mdns-sd service-list command in privileged EXEC mode.

show running-configmdns-sd service-list {all | name service-list-name [sequence-number sequence-number]| query}

Syntax Description Displays all current running mDNS service-listconfiguration details. The details include theservice-list name, sequence number, the option thatis applied, and associated match statements, if any.

all

Displays current running mDNS service-listconfiguration details for the specified service list.

name service-list-name

(Optional) Specifies that the service-list configurationdetails must be displayed for the specified sequencenumber.

Youmust specify the sequence number sincemore than one sequence number can beassociated with the same service-list.

Note

sequence-number sequence-number

Displays current running mDNS service-list querydetails.

query





Usage Guidelines To view current running mDNS service-list configuration details for all service-lists, use the showrunning-config mdns-sd service-list all command form.

To view current running mDNS service-list configuration details for a specific service-list, use the showrunning-configmdns-sd service-list name service-list-name [sequence-number sequence-number] commandform. The keyword-argument pair sequence-number sequence-number enables you to view the matchstatements associated with the service-list. The match statements are associated with service-lists for filteringtypes of service, types of service instances and associated queries, and types of messages such as announcementsand queries.


show ip masks through vrf DHCP poolshow running-config mdns-sd service-list

To view queries that are associatedwith various service-lists, use the show running-configmdns-sd service-listquery command form.

Examples The following is a sample output for the show running-config mdns-sd service-list command.

The current running mDNS service-list configuration information is displayed below. The service list names,match statements, and the permit or deny option details are displayed in the output.

Device> enableDevice# show running-config mdns-sd service-list all

service-list mdns-sd sl1 permit 2service-list mdns-sd sl3 deny 10match message-type announcementmatch service-type _ipp._tcpservice-list mdns-sd srvc-lst permit 6

Examples Current running mDNS service-list configuration for an active query.

Device> enableDevice# show running-config mdns-sd service-list query

service-list mdns-sd sl2 queryservice-list mdns-sd sl-qry queryservice-type ser-typeservice-type _tcp._dom1service-list mdns-sd sd2 query




Displays current running mDNS service-instanceconfiguration details.

show running-config mdns-sd service-instance


show ip masks through vrf DHCP poolshow running-config mdns-sd service-list

show running-config vrfTo display the subset of the running configuration of a router that is linked to a specific VPN routing andforwarding (VRF) instance or linked to all VRFs configured on the router, use the show running-config vrfcommand in privileged EXEC mode.

show running-config vrf [ vrf-name ]

Syntax Description (Optional) Name of the VRF configuration that youwant to display.

vrf-name

Command Default If you do not specify the name of a VRF configuration, the running configurations of all VRFs on the routerare displayed.



This command was introduced.12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(33)SRB.12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SXH.12.2(33)SXH



This commandwasmodified. The output of the commandwasmodifiedto display the Network Address Translation (NAT) configuration.


Usage Guidelines Use the show running-config vrf command to display a specific VRF configuration or to display all VRFconfigurations on the router. To display the configuration of a specific VRF, specify the name of the VRF.

This command displays the following elements of the VRF configuration:

• The VRF submode configuration.

• The routing protocol and static routing configurations associated with the VRF.

• The configuration of interfaces in the VRF, which includes the configuration of any owning controllerand physical interface for a subinterface.


show ip masks through vrf DHCP poolshow running-config vrf

Examples The following is sample output from the show running-config vrf command. It includes a base VRFconfiguration for VRF vpn3 and Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF)configurations associated with VRF vpn3.

Router# show running-config vrf vpn3

Building configuration...

Current configuration : 720 bytesip vrf vpn3rd 100:1route-target export 100:1route-target import 100:1!!interface GigabitEthernet0/0/1description connected to nat44-1ru-ce1 g0/0/0ip vrf forwarding vpn3ip address 172.17.0.1 255.0.0.0ip nat insideshutdownnegotiation auto!interface GigabitEthernet0/0/3no ip addressnegotiation auto!interface GigabitEthernet0/0/3.2encapsulation dot1Q 2ip vrf forwarding vpn3ip address 10.0.0.1 255.255.255.0ip nat inside!router bgp 100!address-family ipv4 vrf vpn3redistribute connectedredistribute staticexit-address-familyip nat inside source route-map rm-vpn3 pool shared-pool vrf vpn3 match-in-vrf overloadip nat pool shared-pool 10.0.0.2 10.0.0.254 prefix-length 24!router ospf 101 vrf vpn3log-adjacency-changesarea 1 sham-link 10.43.43.43 10.23.23.23 cost 10network 172.17.0.0 0.255.255.255 area 1...endThe table below describes the significant fields shown in the display.

Table 62: show running-config vrf Field Descriptions

DescriptionField

Indicates the number of bytes (720) in the VRF vpn3configuration.

Current configuration: 720 bytes

Indicates the name of the VRF (vpn3) for which theconfiguration is displayed.

ip vrf vpn3



DescriptionField

Identifies the route distinguisher (100:1) for VRFvpn3.

rd 100:1

Specifies the route-target extended community forVRF vpn3.

• Routes tagged with route-target export 100:1are exported from VRF vpn3.

• Routes taggedwith the route-target import 100:1are imported into VRF vpn3.

route-target export 100:1

route-target import 100:1

Specifies the interface associated with VRF vpn3.interface GigabitEthernet0/0/1

Associates VRF vpn3 with the named interface.ip vrf forwarding vpn3

Configures the IP address of the Gigabit Ethernetinterface.

ip address 172.17.0.1 255.0.0.0

Enables NAT of inside addresses.ip nat inside

Sets up a BGP routing process for the router with theautonomous system number as 100.

router bgp 100

Sets up a routing session for VRF vpn3 using thestandard IPv4 address prefixes.

address-family ipv4 vrf vpn3

Redistributes routes that are automatically establishedby the IP on an interface into the BGP routing domain.

redistribute connected


Sets up an OSPF routing process and associates VRFvpn3 with OSPF VRF processes.

router ospf 101 vrf vpn3

Configures a sham-link interface on a provider edge(PE) router in a Multiprotocol Label Switching(MPLS) VPN backbone.

• 1 is the ID number of the OSPF area assignedto the sham-link.

• 10.43.43.43 is the IP address of the source PErouter.

• 10.23.23.23 is the IP address of the destinationPE router.

• 10 is the OSPF cost to send IP packets over thesham-link interface.

area 1 sham-link 10.43.43.43 10.23.23.23 cost 10



DescriptionField

Defines the interfaces on which OSPF runs anddefines the area ID for those interfaces.

network 172.17.0.0 0.255.255.255 area 1


Configures a VRF routing table.ip vrf

Displays the usability status of interfaces configuredfor IP.

show ip interface

Displays the set of defined VRFs and associatedinterfaces.

show ip vrf

Displays the configuration for a specific interface.show running-config interface



sip addressTo configure a Session Initiation Protocol (SIP) server IPv6 address to be returned in the SIP server’s IPv6address list option to clients, use the sip addresscommand in DHCP for IPv6 pool configuration mode. Todisable this feature, use the no form of this command.

sip address ipv6-address

no sip address ipv6-address

Syntax Description An IPv6 address. The ipv6-address argument mustbe in the form documented in RFC 2373 where theaddress is specified in hexadecimal using 16-bitvalues between colons.

ipv6-address


Command Modes DHCP for IPv6 pool configuration



This command was integrated into Cisco IOS Release 12.2(18)SXE.12.2(18)SXE


This command was updated. It was integrated into Cisco IOS XERelease 2.5.

Cisco IOS XE Release 2.5

Usage Guidelines For the Dynamic Host Configuration Protocol (DHCP) for IPv6 server to obtain prefixes from RADIUSservers, the user must also configure the authorization, authentication, and accounting (AAA) client and PPPon the router. For information on how to configure the AAA client and PPP, see the "Implementing ADSLand Deploying Dial Access for IPv6" module.

The sip address command configures a SIP server IPv6 address to be returned in the SIP server’s IPv6 addresslist option to clients. To configure multiple SIP server addresses, issue this command multiple times. The newaddresses will not overwrite old ones.


show ip masks through vrf DHCP poolsip address

Examples In the following example, the SIP server IPv6 address 2001:0db8::2 is configured to be returned in the SIPserver’s IPv6 address list option to clients:

sip address 2001:0DB8::2


Specifies that prefixes are to be acquired from AAAservers.

prefix-delegation aaa

Configures an SIP server domain name to be returnedin the SIP server’s domain name list option to clients.

sip domain-name


show ip masks through vrf DHCP poolsip address

sip domain-nameTo configure a Session Initiation Protocol (SIP) server domain name to be returned in the SIP server’s domainname list option to clients, use the sip domain-namecommand in DHCP for IPv6 pool configuration mode.To disable this feature, use the no form of this command.

sip domain-name domain-name

no sip domain-name domain-name

Syntax Description A domain name for a DHCP for IPv6 client.domain-name

Command Default No default behavior or values.

Command Modes DHCP for IPv6 pool configuration



This command was integrated into Cisco IOS Release 12.2(18)SXE.12.2(18)SXE


This command was updated. It was integrated into Cisco IOS XERelease 2.5.

Cisco IOS XE Release 2.5

Usage Guidelines In order for the Dynamic Host Configuration Protocol (DHCP) for IPv6 server to obtain prefixes fromRADIUSservers, the user must also configure the authorization, authentication, and accounting (AAA) client and PPPon the router. For information on how to configure the AAA client and PPP, see the "Implementing ADSLand Deploying Dial Access for IPv6" module.

The sip domain-name command configures a SIP server domain name to be returned in the SIP server’sdomain name list option to clients. To configure multiple SIP server domain names, issue this commandmultiple times. The new domain names will not overwrite old ones.

Examples The following example configures the SIP server domain name sip1.cisco.com to be returned in the SIPserver’s domain name list option to clients:

sip domain-name sip1.cisco.com


show ip masks through vrf DHCP poolsip domain-name


Specifies that prefixes are to be acquired from AAAservers.

prefix-delegation aaa

Configures a SIP server IPv6 address to be returnedin the SIP server’s IPv6 address list option to clients.

sip address


show ip masks through vrf DHCP poolsip domain-name

snmp-server enable traps dhcpTo enable DHCP Simple Network Management Protocol (SNMP) trap notifications, use the snmp-serverenable traps dhcp command in global configuration mode. To disable DHCP trap notifications, use the noform of this command.

snmp-server enable traps dhcp [duplicate] [interface] [pool] [subnet] [time]

no snmp-server enable traps dhcp [duplicate] [interface] [pool] [subnet] [time]

Syntax Description (Optional) Sends notification about duplicate IPaddresses.

duplicate

(Optional) Sends notification that a per interface leaselimit is exceeded.

interface

(Optional) Sends notification when address utilizationfor an address pool has risen above or fallen below aconfigurable threshold.

pool

(Optional) Sends notification when address utilizationfor a subnet has risen above or fallen below aconfigurable threshold.

subnet

(Optional) Sends notification that the DHCP serverhas started or stopped.

time

Command Default DHCP trap notifications are not sent.

Command Modes Global configuration (config)


This command was introduced.12.2(33)SRC

Usage Guidelines If you do not specify any of the optional keywords, all DHCP trap notifications are enabled.

Examples The following example shows how to send SNMP trap notifications to the SNMPmanager when the secondarysubnet utilization falls below or exceeds the configured threshold:

Router(config)# ip dhcp pool pool2


show ip masks through vrf DHCP poolsnmp-server enable traps dhcp

Router(dhcp-config)# utilization mark high 80 logRouter(dhcp-config)# utilization mark low 70 logRouter(dhcp-config)# network 192.0.2.0 255.255.255.0Router(dhcp-config)# network 192.0.4.0 255.255.255.252 secondaryRouter(config-dhcp-subnet-secondary)# override utilization high 40Router(config-dhcp-subnet-secondary)# override utilization low 30!Router(config)# snmp-server enable traps dhcp subnetIn the following example, all DHCP trap notifications will be sent to the SNMPmanager in response to DHCPserver events:

Router(config)# snmp-server enable traps dhcp


show ip masks through vrf DHCP poolsnmp-server enable traps dhcp

source-interface (mDNS)To specify an alternate source interface for outgoing multicast Domain Name System (mDNS) packets on adevice, use the source-interface command in mDNS configuration mode. To disable the alternate sourceinterface for outgoing mDNS packets on a device, use the no form of this command.

source-interface type number

no source-interface type number

Syntax Description Interface type. Specify the interface that you want toconfigure as the alternate source interface for outgoingmDNS packets on the device. For more information,use the question mark (?) online help function.

type

Interface number. For more information about thenumbering syntax for your networking device, usethe question mark (?) online help function.

number

Command Default An alternate source interface for outgoing mDNS packets is not configured on a device.

Command Modes Multicast DNS configuration (config-mdns)





This command was integrated into the Cisco IOS XE Release 3.15SCisco IOS XE Release 3.15S

This command was integrated into Cisco IOS 15.5(2)S Release.15.5(2)S

Usage Guidelines Some devices have interfaces for which no IP address is assigned. If you configure the source-interfacecommand on such a device, then the IP address of the source-interface is used when outgoing mDNS serviceinformation is transported through the interface with no IP address.


show ip masks through vrf DHCP poolsource-interface (mDNS)

Before configuring the alternate mDNS source interface for a device, ensure that the source interface hasa valid IP address assigned to it.

Note

Examples The following example shows you how to specify an interface as an alternate source interface for outgoingmDNS packets on a device:

Device> enableDevice# configure terminalDevice(config)# service-routing mdns-sdDevice(config-mdns)# source-interface ethernet 0/1Device(config-mdns)# exit


Enables mDNS gateway functionality for a device.service-routing mdns-sd





show ip masks through vrf DHCP poolsource-interface (mDNS)

subnet prefix-lengthTo configure a subnet allocation pool and determine the size of subnets that are allocated from the pool, usethe subnet prefix-length command in DHCP pool configuration mode. To unconfigure subnet pool allocation,use the no form of this command.

subnet prefix-length prefix-length

no subnet prefix-length prefix-length

Syntax Description Configures the IP subnet prefix length in classlessinterdomain routing (CIDR) bit count notation. Therange is from 1 to 31.

prefix-length


Command Modes DHCP pool configuration



This command was integrated into Cisco IOS Release 12.2(28)SB.12.2(28)SB

Usage Guidelines This command is used to configure a Cisco IOS router as a subnet allocation server for a centralized or remoteVirtual Private Network (VPN) on-demand address pool (ODAP) manager. This command is configuredunder a DHCP pool. The prefix-length argument is used to determine the size of the subnets that are allocatedfrom the subnet allocation pool. The values that can be configured for the prefix-length argument followCIDRbit count notation format.

Configuring Global Subnet Pools

Global subnet pools are created in a centralized network. The ODAP server allocates subnets from the subnetallocation server based on subnet availability.When the ODAPmanager allocates a subnet, the subnet allocationserver creates a subnet binding. This binding is stored in the DHCP database for as long as the ODAP serverrequires the address space. The binding is destroyed and the subnet is returned to the subnet pool only whenthe ODAP server releases the subnet as address space utilization decreases.

Configuring VPN Subnet Pools

A subnet allocation server can be configured to assign subnets from VPN subnet allocation pools forMultiprotocol Label Switching (MPLS) VPN clients. VPN routes between the ODAPmanager and the subnetallocation server are configured based on VRF name or VPN ID configuration. The VRF and VPN ID areconfigured to maintain routing information that defines customer VPN sites. This customer site is attached


show ip masks through vrf DHCP poolsubnet prefix-length

to a provider edge (PE) router. A VRF consists of an IP routing table, a derived Cisco Express Forwarding(CEF) table, a set of interfaces that use the forwarding table, and a set of rules and routing protocol parametersthat control the information that is included in the routing table.

Configuring VPN Subnet Pools for VPN clients with VPN IDs

A subnet allocation server can also be configured to assign subnets from VPN subnet allocation pools basedon the VPN ID of a client. The VPN ID (or Organizational Unique Identifier [OUI]) is a unique identifierassigned by the IEEE. VPN routes between the ODAP manager and the subnet allocation server are enabledby configuring the DHCP pool with a VPN ID that matches the VPN ID that is configured for the VPN client.

Examples

Examples The following example configures a router to be a subnet allocation server and creates a global subnet allocationpool named GLOBAL-POOL from the 10.0.0.0 network. The configuration of the subnet prefix-lengthcommand in this example configures each subnet that is allocated from the subnet pool to support 254 hostIP addresses.

ip dhcp pool GLOBAL-POOLnetwork 10.0.0.0 255.255.255.0subnet prefix-length 24

Examples The following example configures a router to be a subnet allocation server and creates a VPN routing andforwarding (VRF) subnet allocation pool named VRF-POOL from the 172.16.0.0 network and configures theVPN tomatch the VRF named pool1. The configuration of the subnet prefix-length command in this exampleconfigures each subnet that is allocated from the subnet pool to support 62 host IP addresses.

ip dhcp pool VRF-POOLvrf pool1network 172.16.0.0 /16subnet prefix-length 26

Examples The following example configures a router to be a subnet allocation server and creates a VRF subnet allocationpool named VPN-POOL from the 192.168.0.0 network and configures the VRF named abc. The VPN IDmust match the unique identifier that is assigned to the client site. The route target and route distinguisher areconfigured in the as-number:network number format. The route target and route distinguisher must match.The configuration of the subnet prefix-length command in this example configures each subnet that isallocated from the subnet pool to support 30 host IP addresses.

ip vrf abcrd 100:1route-target both 100:1vpn id 1234:123456!ip dhcp pool VPN-POOLvrf abcnetwork 192.168.0.0 /24subnet prefix-length /27




Configures a Cisco IOS DHCP server to saveautomatic bindings on a remote host called a databaseagent.

ip dhcp database

Enables the IP address of an interface to beautomatically configured when a DHCP pool ispopulated with a subnet from IPCP negotiation.

ip dhcp pool

Configures the subnet number and mask for a DHCPaddress pool on a Cisco IOS DHCP server.

network (DHCP)

Displays information about the DHCP pools.show ip dhcp pool



term ip netmask-formatTo specify the format in which netmasks are displayed in show command output, use the term ipnetmask-formatcommand inEXEC configuration mode. To restore the default display format, use the noform of this command.

term ip netmask-format {bitcount| decimal| hexadecimal}

no term ip netmask-format [bitcount| decimal| hexadecimal]

Syntax Description Number of bits in the netmask.bitcount

Netmask dotted decimal notation.decimal

Netmask hexadecimal format.hexadecimal

Command Default Netmasks are displayed in dotted decimal format.

Command Modes EXEC





12.2SX

Usage Guidelines IP uses a 32-bit mask that indicates which address bits belong to the network and subnetwork fields, andwhich bits belong to the host field. This range of IP addresses is called a netmask. By default, show commandsdisplay an IP address and then its netmask in dotted decimal notation. For example, a subnet would be displayedas 131.108.11.55 255.255.255.0.

However, you can specify that the display of the network mask appear in hexadecimal format or bit countformat instead. The hexadecimal format is commonly used on UNIX systems. The previous example wouldbe displayed as 131.108.11.55 0XFFFFFF00.

The bitcount format for displaying network masks is to append a slash (/) and the total number of bits in thenetmask to the address itself. The previous example would be displayed as 131.108.11.55/24.


show ip masks through vrf DHCP poolterm ip netmask-format

Examples The following example specifies that network masks for the session be displayed in bitcount notation in theoutput of show commands:

term ip netmask-format bitcount


show ip masks through vrf DHCP poolterm ip netmask-format

timers hellotimeTo configure timers for hellotime and holdtime messages for a redundancy group, use the timershellotimecommand in redundancy application protocol configuration mode. To disable the timers in theredundancy group, use the no form of this command.

timers hellotime [msec] seconds holdtime [msec] seconds

no timers hellotime [msec] seconds holdtime [msec] seconds

Syntax Description (Optional) Specifies the interval, in milliseconds, forhello messages.

msec

Interval time, in seconds, for hello messages. Therange is from 1 to 254.

seconds

Specifies the hold timer.holdtime

Specifies the interval, in milliseconds, for hold timemessages.

msec

Interval time, in milliseconds, for hold timemessages.The range is from 6 to 255.

seconds

Command Default The default value for the hellotime interval is 3 seconds and for the holdtime interval is 10 seconds.

Command Modes Redundancy application protocol configuration (config-red-app-prtc)



Usage Guidelines The hello time is an interval in which hello messages are sent. The holdtime is the time before the active orthe standby device is declared to be in down state. Use themsec keyword to configure the timers in milliseconds.

If you allocate a large amount of memory to the log buffer (e.g. 1 GB), then the CPU andmemory utilizationof the router increases. This issue is compounded if small intervals are set for the hellotime and theholdtime. If you want to allocate a large amount of memory to the log buffer, we recommend that youaccept the default values for the hellotime and holdtime. For the same reason, we also recommend thatyou do not use the preempt command.

Note


show ip masks through vrf DHCP pooltimers hellotime

Examples The following example shows how to configure the hellotime and holdtime messages:

Router# configure terminalRouter(config)# redundancyRouter(config-red)# application redundancyRouter(config-red-app)# protocol 1Router(config-red-app-prtcl)# timers hellotime 100 holdtime 100


Enters redundancy application configuration mode.application redundancy

Configures clear text authentication and MD5authentication for a redundancy group.

authentication

Enters redundancy application group configurationmode.

group(firewall)

Configures the redundancy group with a name.name

Enables preemption on the redundancy group.preempt

Defines a protocol instance in a redundancy group.protocol


show ip masks through vrf DHCP pooltimers hellotime

trusted-port (DHCPv6 Guard)To configure a port to become a trusted port, use the trusted-port command in Dynamic Host ConfigurationProtocol version 6 (DHCPv6) guard configuration mode. To disable this function, use the no form of thiscommand.

trusted-port

no trusted-port


Command Default No ports are trusted.

Command Modes DHCPv6 guard configuration (config-dhcp-guard)



Usage Guidelines When the trusted-port command is enabled, messages received on ports that have this policy are not verified.

Examples The following example defines a DHCPv6 guard policy name as policy1, places the router in DHCPv6 guardconfiguration mode, and sets the port to trusted:

Router(config)# ipv6 dhcp guard policy policy1Router(config-dhcp-guard)# trusted-port


Defines the DHCPv6 guard policy name.ipv6 dhcp guard policy


show ip masks through vrf DHCP pooltrusted-port (DHCPv6 Guard)

update arpTo secure dynamic Address Resolution Protocol (ARP) entries in the ARP table to their corresponding DHCPbindings, use the update arpcommand in DHCP pool configuration mode. To disable this command andchange secure ARP entries to dynamic ARP entries, use the no form of this command.

update arp

no update arp

Syntax Description This command has no keywords or arguments.





Usage Guidelines The update arpDHCP pool configuration command is used to secure ARP table entries and their correspondingDHCP leases. However, existing active leases are not secured. These leases will remain insecure until theyare renewed. When the lease is renewed, it is treated as a new lease and will be secured automatically. If thisfeature is disabled on the DHCP server, all existing secured ARP table entries will automatically change todynamic ARP entries.

This command can be configured only under the following conditions:

• DHCP network pools in which bindings are created automatically and destroyed upon lease terminationor when the client sends a DHCPRELEASE message.

• Directly connected clients on LAN interfaces and wireless LAN interfaces.

The configuration of this command is not visible to the client. When this command is configured, securedARP table entries that are created by a DHCP server cannot be removed from the ARP table by the cleararp-cache command. This is designed behavior. If a secure ARP entry created by the DHCP server must beremoved, the clear ip dhcp binding command can be used. This command will clear the DHCP binding andsecured ARP table entry.

This command does not secure ARP table entries for BOOTP clients.Note


show ip masks through vrf DHCP poolupdate arp

Examples The following example configures the Cisco IOS DHCP server to secure ARP table entries to theircorresponding DHCP leases within the DHCP pool named WIRELESS-POOL:

ip dhcp pool WIRELESS-POOLupdate arp


Deletes all dynamic entries from the ARP cache.clear arp-cache

Deletes an automatic address binding from the CiscoIOS DHCP Server database.

clear ip dhcp binding


show ip masks through vrf DHCP poolupdate arp

update dnsTo dynamically update the Domain Name System (DNS) with address (A) and pointer (PTR) Resource Records(RRs) for some address pools, use the update dns command in global configuration mode. To disable dynamicupdates, use the no form of this command.

update dns [both| never] [override] [before]

no update dns [both| never] [override] [before]

Syntax Description (Optional) Dynamic Host Configuration Protocol(DHCP) server will perform Dynamic DNS (DDNS)updates for both PTR (reverse) and A (forward) RRsassociated with addresses assigned from an addresspool.

both

(Optional) DHCP server will not perform DDNSupdates for any addresses assigned from an addresspool.

never

(Optional) DHCP server will performDDNS updatesfor PTRRRs associated with addresses assigned froman address pool, even if the DHCP client has specifiedin the fully qualified domain name (FQDN) optionthat the server should not perform updates.

override

(Optional) DHCP server will performDDNS updatesbefore sending the DHCP ACK back to the client.The default is to perform updates after sending theDHCP ACK.

before

Command Default No updates are performed.



This command was introduced.12.3(8)YA



show ip masks through vrf DHCP poolupdate dns

Usage Guidelines If you configure the update dns both override command, the DHCP server will perform DDNS updates forboth PTR and A RRs associated with addresses assigned from an address pool, even if the DHCP clientspecified in the FQDN that the server should not.

If the server is configured using this command with or without any of the other keywords, and if the serverdoes not see an FQDN option in the DHCP interaction, then it will assume that the client does not understandDDNS and act as though it were configured to update both A and PTR records on behalf of the client.

Examples The following example shows how to configure the DHCP to never update the A and PTR RRs:

update dns never


Specifies a method of DDNS updates of A and PTRRRs and the maximum interval between the updates.

ip ddns update method


show ip masks through vrf DHCP poolupdate dns

utilization mark highTo configure the high utilizationmark of the current address pool size, use the utilizationmark high commandin DHCP pool configuration mode. To remove the high utilization mark, use the no form of this command.

utilization mark high percentage-number [log]

no utilization mark high percentage-number [log]

Syntax Description Percentage of the current pool size.percentage-number

(Optional) Enables the logging of a system message.log

Command Default The default high utilization mark is 100 percent of the current pool size.




The log keyword was added.12.4(4)T


Usage Guidelines The current pool size is the sum of all addresses in all the subnets in the pool. If the utilization level exceedsthe configured high utilization mark, the pool will schedule a subnet request.

This command can be used with both network and on-demand pools. However, in the case of a network pool,only the log option of this command can be used. In the case of an on-demand pool, the autogrow sizeoptionof the origin command must be configured.

In certain network deployments, it is important for the network administrator to receive asynchronousnotification when the DHCP pools are nearly exhausted so that preventive action can be taken. One commonmethod for such notification is the generation of a system message.

If you use the log option, a system message can be generated for a DHCP pool when the pool utilizationexceeds the configured high utilization threshold. A system message can also be generated when the pool'sutilization is detected to be below the configured low utilization threshold.

Examples The following example sets the high utilization mark to 80 percent of the current pool size:

utilization mark high 80


show ip masks through vrf DHCP poolutilization mark high

The following pool configuration using the log keyword option generates a system message:

! ip dhcp pool abcutilization mark high 30 logutilization mark low 25 lognetwork 10.1.1.0 255.255.255.248!The following system message is generated when the second IP address is allocated from the pool:

00:02:01: %DHCPD-6-HIGH_UTIL: Pool "abc" is in high utilization state (2 addresses used outof 6). Threshold set at 30%.The following systemmessage is generated when one of the two allocated IP addresses is returned to the pool:

00:02:58: %DHCPD-6-LOW_UTIL: Pool "abc" is in low utilization state (1 addresses used outof 6). Threshold set at 25%.


Configures an address pool as an on-demand addresspool.

origin

Configures the low utilization mark of the currentaddress pool size.

utilization mark low


show ip masks through vrf DHCP poolutilization mark high

utilization mark lowTo configure the low utilization mark of the current address pool size, use the utilizationmark low commandin DHCP pool configuration mode. To remove the low utilization mark, use the no form of this command.

utilization mark low percentage-number

no utilization mark low percentage-number

Syntax Description Percentage of the current pool size.percentage-number

Command Default The default low utilization mark is 0 percent of the current pool size.





Usage Guidelines The current pool size is the sum of all addresses in all the subnets in the pool. If the utilization level dropsbelow the configured low utilization mark, a subnet release is scheduled from the address pool.

This command can be used with both network and on-demand pools. However, in the case of a network pool,only the log option of this command can be used. In the case of an on-demand pool, the autogrow sizeoptionof the origin command must be configured.

In certain network deployments, it is important for the network administrator to receive asynchronousnotification when the DHCP pools are nearly exhausted so that preventive action can be taken. One commonmethod for such notification is the generation of a system message.

If you use the log option, a system message can be generated for a DHCP pool when the pool utilizationexceeds the configured high utilization threshold. A system message can also be generated when the pool'sutilization is detected to be below the configured low utilization threshold.

Examples The following example sets the low utilization mark to 20 percent of the current pool size:

utilization mark low 20


show ip masks through vrf DHCP poolutilization mark low



origin

Configures the high utilization mark of the currentaddress pool size.

utilization mark high


show ip masks through vrf DHCP poolutilization mark low

view (DNS)To access or create the specified Domain Name System (DNS) view list member in the DNS view list andthen enter DNS view list member configuration mode, use the view command in DNS view list configurationmode. To remove the specified DNS view list member from the DNS view list, use the no form of thiscommand.

view [vrf vrf-name] {default| view-name} order-number

no view [vrf vrf-name] {default| view-name} order-number

Syntax Description (Optional) The vrf-name argument specifies the nameof the Virtual Private Network (VPN) routing andforwarding (VRF) instance associated with the DNSview. Default is the global VRF (that is, the VRFwhose name is a NULL string).

If the named VRF does not exist, a warningis displayed but the view is added to the viewlist anyway. The specified VRF can bedefined after the view is added as a memberof the view list (and after the view itself isdefined).

Note

More than one DNS view can be associatedwith a VRF. To uniquely identify a DNSview, specify both the view name (or thedefault keyword) and the VRF with whichit is associated.

Note

vrf vrf-name

Specifies that the DNS view is unnamed.


Note

default

String (not to exceed 64 characters) that identifies thename of an existing DNS view.

If the specified view does not exist, awarning is displayed but the default view listmember is added anyway. The specifiedview can be defined after it is added as amember of DNS view list.

Note


Note

view-name


show ip masks through vrf DHCP poolview (DNS)

Integer from 1 to 2147483647 that specifies the orderin which the DNS view is checked, with respect toother DNS views in the same DNS view list.

If the order-number values for the DNS viewswithin a DNS view list are configured withlarge intervals between them (for example, byspecifying order-number values such as 10,20, and 30), additional DNS views can beinserted into the view list quickly withoutaffecting the existing ordering or views in theview list. That is, adding a new view to theview list--or changing the ordering of existingviews within the view list--does not requirethat existing views in the view list be removedfrom the view list and then added back to thelist with new order-number values.

Tip

order-number

Command Default No DNS view is accessed or created.

Command Modes DNS view list configuration



Usage Guidelines This command enters DNS view list member configuration mode--for the specified view list member--so thatusage restrictions can be configured for that view list member. If the DNS view list member does not existyet, the specified DNS view is added to the DNS view list along with the value that indicates the order inwhich the view list member is to be checked (relative to the other DNS views in the view list) whenever therouter needs to determine which DNS view list member to use to address a DNS query.

The maximum number of DNS views and view lists supported is not specifically limited but is dependenton the amount of memory on the Cisco router. Configuring a larger number of DNS views and view listsuses more router memory, and configuring a larger number of views in the view lists uses more routerprocessor time. For optimum performance, configure no more views and view list members than neededto support your Split DNS query forwarding or query resolution needs.

Note



The parameters {default | view-name} and [vrf vrf-name] identify an existing DNS view, as defined byusing the ip dns view command. More than one DNS view can be associated with a VRF. To uniquelyidentify a DNS view, specify both the view name and the VRF with which it is associated.

Note

The view command can be entered multiple times to specify more than one DNS view in the DNS view list.

To display information about a DNS view list, use the show ip dns view-list command.

Subsequent Operations on a DNS View List Member

After you use the view command to define a DNS view list member and enter DNS view list memberconfiguration mode, you can use any of the following commands to configure usage restrictions for the DNSview list member:

• restrict authenticated

• restrict name-group

• restrict source access-group

These optional, additional restrictions are based on query source authentication, the query hostname, and thequery source host IP address, respectively. If none of these optional restrictions are configured for the viewlist member, the only usage restriction on the view list member is the usage restriction based on its associationwith a VRF.

Reordering of DNS View List Members

To provide for efficient management of the order of the members in a view list, each view list memberdefinition includes the specification of the position of that member within the list. That is, the order of themembers within a view list is defined by explicit specification of position values rather than by the order inwhich the individual members are added to the list. This enables you to add members to an existing view listor reorder the members within an existing view list without having to remove all the view list members andthen redefine the view list membership in the desired order:

Examples The following example shows how to add the view user3 to the DNS view list userlist5 and assign this viewmember the order number 40 within the view list. Next, the view user2, associated with the VRF vpn102 andassigned the order number 20 within the view list, is removed from the view list.

Router(config)# ip dns view-list userlist5

Router(cfg-dns-view-list)# view user3 40Router(cfg-dns-view-list-member)# exit

Router(cfg-dns-view-list)# no view vrf vpn102 user2 20


Enters DNS view list configurationmode so that DNSviews can be added to or removed from the orderedlist of DNS views.

ip dns view-list



DescriptionCommand

Restricts the use of the DNS view list member to DNSqueries for which the DNS query host can beauthenticated.

restrict authenticated

Restricts the use of the DNS view list member to DNSqueries for which the query hostname matches aparticular DNS name list.

restrict name-group

Restricts the use of the DNS view list member to DNSqueries for which the query source IP address matchesa particular standard ACL.

restrict source access-group

Displays information about a particular DNS viewlist or about all configured DNS view lists.

show ip dns view-list



vrf (DHCP pool)To associate the on-demand address pool with a VPN routing and forwarding instance (VRF) name, use thevrf command in DHCP pool configurationmode. To remove the VRF name, use the no form of this command.

vrf name

no vrf name

Syntax Description Name of the VRF to which the address pool isassociated.

name





Usage Guidelines Associating a pool with a VRF allows overlapping addresses with other pools that are not on the same VRF.Only one pool can be associated with each VRF. If the pool is configured with the origin dhcp command ororigin aaa command, the VRF information is sent in the subnet request. If the VRF is configured with anRFC 2685 VPN ID, the VPN ID will be sent instead of the VRF name.

Examples The following example associates the on-demand address pool with a VRF named pool1:

ip dhcp pool pool1origin dhcp subnet size initial 24 autogrow 24utilization mark high 85utilization mark low 15vrf pool1



origin


show ip masks through vrf DHCP poolvrf (DHCP pool)

vrf (DHCPv6 pool)To associate a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) address pool with a virtual privatenetwork (VPN) routing and forwarding (VRF) instance, use the vrf command in DHCPv6 pool configurationmode. To remove the VRF name, use the no form of this command.

vrf name

no vrf name

Syntax Description Name of the VRF with which the address pool isassociated.

name

Command Default No VRF is associated with the DHCPv6 address pool.

Command Modes DHCPv6 pool configuration (config-dhcp)




This command was integrated into Cisco IOS Release 15.3(3)M.15.3(3)M

Examples The following example shows how to configure an IPv6 pool named pool1, and associate pool1 with a VRFinstance named vrf1:

Router(config)# ipv6 dhcp pool pool1# vrf vrf1


Configures a DHCPv6 configuration information pooland enters DHCPv6 pool configuration mode.

ipv6 dhcp pool


show ip masks through vrf DHCP poolvrf (DHCPv6 pool)

show ip masks through vrf dhcp pool - cisco.com · start 192.168.1.10 end 192.168.1.253 start...

Documents